| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
'security-11-2-6881-project-group-approvers-leaks-private-group-info-ce' into 'security-11-2'
[11.2] Project group approvers leaks private group info
See merge request gitlab/gitlabhq!2489
|
| |
|
|\
| |
| |
| |
| | |
Disallow methods that copy data on large tables
See merge request gitlab-org/gitlab-ce!20021
|
| |
| |
| |
| |
| | |
These are all over 20 GB on GitLab.com. merge_request_diff_commits is several
hundred gigabytes in size.
|
| |
| |
| |
| |
| |
| | |
{change_column_type,rename_column}_concurrently both copy data from one column
to another during a migration, which should not be done on GitLab.com. Instead,
we should use background migrations.
|
|/
|
|
|
|
|
| |
This notifies developers when calling `find(_by!)` chained on
`execute`. And suggests using the methods from `FinderMethods`. These
will perform the correct authorization checks on the resource when it
is found.
|
|
|
|
| |
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
|
|
|
|
| |
whole Rails env
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
|
|
|
|
|
|
|
| |
This reverts the addition of the "goldiloader" Gem and all use of it.
While this Gem is very promising it's causing a variety of problems on
GitLab.com due to it eager-loading too much data in places where we
don't expect/can handle this. At least for the time being this means we
have to go back to manually fixing N+1 query problems, but at least
those should not cause a negative impact on availability.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Goldiloader is great, but has several issues with has_many :through relations:
* https://github.com/salsify/goldiloader/issues/12
* https://github.com/salsify/goldiloader/issues/14
* https://github.com/salsify/goldiloader/issues/18
Rather than try to figure out which applies in each case, we should just do the
drudge work of manually disabling autoloading for all relations of this type. We
can always use regular preloading for specific cases, but this way we avoid
generating invalid queries through Goldiloader's magic.
|
|
|
|
| |
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
|
|
|
| |
Server Side Request Forgery in Services and Web Hooks
See merge request gitlab/gitlabhq!2337
|
| |
|
| |
|
|
|
|
| |
with StrongMemoize
|
| |
|
|
|
|
| |
Also try to use the same config from EE
|
|
|
|
| |
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* upstream/master: (671 commits)
Make rubocop happy
Use guard clause
Improve language
Prettify
Use temp branch
Pass info about who started the job and which job triggered it
Docs: add indexes for monitoring and performance monitoring
clearer-documentation-on-inline-diffs
Add docs for commit diff discussion in merge requests
sorting for tags api
Clear BatchLoader after each spec to prevent holding onto records longer than necessary
Include project in BatchLoader key to prevent returning blobs for the wrong project
moved lfs_blob_ids method into ExtractsPath module
Converted JS modules into exported modules
spec fixes
Bump gitlab-shell version to 5.10.3
Clear caches before updating MR diffs
Use new Ruby version 2.4 in GitLab QA images
moved lfs blob fetch from extractspath file
Update GitLab QA dependencies
...
|
| |
| |
| |
| | |
manually set their queue
|
| |
| |
| |
| |
| |
| |
| | |
remove_column should only be used in the up (or change) step of a migration if
it's a post-deployment migration. Otherwise there will be downtime due to the
ActiveRecord column cache, which we can avoid by using the IgnorableColumn
concern in combination with a post-deployment migration.
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* upstream/master: (126 commits)
Update VERSION to 10.3.0-pre
Update CHANGELOG.md for 10.2.0
default fill color for SVGs
ignore hashed repos (for now) when using `rake gitlab:cleanup:repos`
Use Redis cache for branch existence checks
Update CONTRIBUTING.md: Link definition of done to criteria
Use `make install` for Gitaly setups in non-test environments
FileUploader should check for hashed_storage?(:attachments) to use disk_path
Set the default gitlab-shell timeout to 3 hours
Update composite pipelines index to include "id"
Use arrays in Pipeline#latest_builds_with_artifacts
Fix blank states using old css
Skip confirmation user api
Custom issue tracker
Revert "check for `read_only?` first before seeing if request is disallowed"
add `#with_metadata` scope to remove a N+1 from the notes' API
Fix promoting milestone updating all issuables without milestone
Batchload blobs for diff generation
check for `read_only?` first before seeing if request is disallowed
use `Gitlab::Routing.url_helpers` instead of `Rails.application.routes.url_helpers`
...
|
| |\
| | |
| | |
| | |
| | |
| | |
| | | |
Adds Rubocop rule for line break after guard clause
Closes #18040
See merge request gitlab-org/gitlab-ce!15188
|
| | |
| | |
| | |
| | | |
Adds a rubocop rule (with autocorrect) to ensure line break after guard clauses.
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
add_column_with_default is implemented in terms of update_column_in_batches, but
update_column_in_batches can be used independently. Neither of these should be
used on the specified large tables, because they will cause issues on large
instances like GitLab.com.
This also ignores the cop for all existing migrations, renaming
AddColumnWithDefaultToLargeTable where appropriate.
|
| |
| |
| |
| |
| | |
And use .rubocop.yml to exclude paths we don't care,
rather than using the cop itself to exclude.
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* upstream/master: (1723 commits)
Resolve "Editor icons"
Refactor issuable destroy action
Ignore routes matching legacy_*_redirect in route specs
Gitlab::Git::RevList and LfsChanges use lazy popen
Gitlab::Git::Popen can lazily hand output to a block
Merge branch 'master-i18n' into 'master'
Remove unique validation from external_url in Environment
Expose `duration` in Job API entity
Add TimeCop freeze for DST and Regular time
Harcode project visibility
update a changelog
Put a condition to old migration that adds fast_forward column to MRs
Expose project visibility as CI variable
fix flaky tests by removing unneeded clicks and focus actions
fix flaky test in gfm_autocomplete_spec.rb
Use Gitlab::Git operations for repository mirroring
Encapsulate git operations for mirroring in Gitlab::Git
Create a Wiki Repository's raw_repository properly
Add `Gitlab::Git::Repository#fetch` command
Fix Gitlab::Metrics::System#real_time and #monotonic_time doc
...
|
| |
| |
| |
| | |
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
| |
| |
| |
| |
| | |
The types `timestamp` and `datetime` are aliases:
https://github.com/rails/rails/blob/v4.2.10/activerecord/lib/active_record/connection_adapters/abstract/schema_definitions.rb#L362-L364
|
| |
| |
| |
| |
| |
| | |
Replaces all the explicit include metadata syntax in the specs (tag:
true) into the implicit one (:tag).
Added a cop to prevent future errors and handle autocorrection.
|
| | |
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
| |
- ci_builds -- 33 million rows, 55 GB
- merge_request_diff_files -- 5 million rows, 9 GB (and growing rapidly)
- merge_request_diffs -- 5 million rows, 190 GB
|
|
|
|
|
|
| |
These indexes are not recorded in the WAL (at least until PostgreSQL
10) and this isn't worth the minor performance improvement over btree
indexes.
|
|
|
|
|
|
|
| |
This module provides a class method called `each_batch` that can be used
to iterate tables in batches in a more efficient way compared to Rails'
`in_batches` method. This commit also includes a RuboCop cop to
blacklist the use of `in_batches` in favour of this new method.
|
|
|
|
|
| |
This cop has been renamed to ActiveRecordSerialize to match the way
"ActiveRecord" is usually written.
|
|
|
|
|
|
|
|
| |
This is allowed for existing instances so we don't end up 76 offenses
right away, but for new code one should _only_ use this if they _have_
to remove non database data. Even then it's usually better to do this in
a service class as this gives you more control over how to remove the
data (e.g. in bulk).
|
| |
|
|
|
|
| |
Resolves the `codeclimate` CI failure
|
|
|
|
|
| |
This cop adds an offense when `before`, `after`, or `around` are used as
single-line blocks.
|
|
|
|
| |
'timestamps_with_timezone'
|
|
|
|
|
|
|
|
| |
One should really use a separate table instead of using polymorphic
associations.
See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11168 for
more information.
|
|
|
|
| |
explicitly set 'status' in 'destroy' actions of controllers
|