<feed xmlns='http://www.w3.org/2005/Atom'>
<title>delta/gitlab/gitlab-ce.git/config, branch multi-line-inline-diff</title>
<subtitle>gitlab.com: gitlab-org/gitlab-ce.git
</subtitle>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/'/>
<entry>
<title>Merge branch 'cs-cropper' into 'master'</title>
<updated>2016-07-08T19:03:11+00:00</updated>
<author>
<name>Fatih Acet</name>
<email>acetfatih@gmail.com</email>
</author>
<published>2016-07-08T19:03:11+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=57da2e87053aab72378da20432a4882ab30cf0ce'/>
<id>57da2e87053aab72378da20432a4882ab30cf0ce</id>
<content type='text'>

Split Cropper.js from the main JavaScript manifest.

## What does this MR do?

Splits Cropper.js from the main JavaScript file.

## Are there points in the code the reviewer needs to double check?

That the avatar uploader works. (It did in my testing)

## Why was this MR needed?

Smaller JS payload.

## What are the relevant issue numbers?

#14372 

## Does this MR meet the acceptance criteria?

- Tests
  - [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !4978</content>
</entry>
<entry>
<title>Merge branch '18627-wildcard-branch-protection' into 'master'</title>
<updated>2016-07-07T22:37:30+00:00</updated>
<author>
<name>Douwe Maan</name>
<email>douwe@gitlab.com</email>
</author>
<published>2016-07-07T22:37:30+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=bf89e06a459556fc55c0f5582a552ede8f6675c8'/>
<id>bf89e06a459556fc55c0f5582a552ede8f6675c8</id>
<content type='text'>

Allow specifying protected branches using wildcards

Closes #18627 

# Tasks

- [ ]  #18627 !4665 Allow specifying protected branches using wildcards
    - [x]  Find existing usages of protected branches
        - Protecting branches
            - `ProtectedBranchesController` is used to mark a branch protected/unprotected
            - `API::Branches` can be used to mark a branch protected/unprotected
        - Enforcing branch protection
            - `Gitlab::GitAccess` has helpers (`can_push_to_branch?`, `check`) that are used to deny pushes if a branch is protected
            - Over SSH: `gitlab-shell` receives a push, and calls `/allowed` on the GitLab API, which calls `GitAccess.check`
            - Over HTTP: 
                - `gitlab-workhorse` receives the request, and forwards it to rails
                - Rails (in the `GitHttpController#git-recieve-pack`) runs basic checks (is the user logged in, not protected branch checks) and returns ok with `GL_ID` and `RepoPath`
                - `gitlab-workhorse` looks at the response, and calls the relevant `gitlab-shell` action from `git-http/handlePostRPC`
                - Rest of this flow is the same as the SSH flow above
    - [x]  Implementation
        - [x]  Backend
            - [x]  Change `project#protected_branch?` to look at wildcard protected branches
            - [x]  Change `project#developers_can_push_to_protected_branch?`
            - [x]  Change `project#open_branches`
            - [x]  Better error message when creating a disallowed branch from the Web UI
        - [x]  Frontend
            - [x]  Protected branches page should allow typing out a wildcard pattern
            - [x]  Add help text explaining the use of wildcards
            - [x]  Show matching branches for each protected branch
                - [x]  ~~On the index page~~
                - [x]  On a show page
                - [x]  Index?
            - [x]  Can't have the "last commit" column for wildcard protected branches
    - [x]  Fix / write tests
    - [x]  What happens if a hook is missing in dev?
    - [x]  Refactor
    - [x]  Test workflows
        - Create a branch matching a wildcard pattern
        - Push to a branch matching a wildcard pattern
        - Force push to a branch matching a wildcard pattern
        - Delete a branch matching a wildcard pattern
        - [x]  Test using Web UI
        - [x]  Test over SSH
        - [x]  Test over HTTP
        - [x]  Test as developer and master
    - [x]  Investigate performance
        - [x]  Test with a large number of protected branches / branches
        - [x]  Paginate list of protected branches
        - [x]  ~~Possibly rewrite `open_branches`~~
    - [x]  Add `iid`s to existing `ProtectedBranch`es
    - [x]  Add documentation
    - [x]  Add CHANGELOG entry
    - [x]  Add screenshots
    - [x]  Make sure [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/2f753e3ed2ce681b4444944d521f4419e8ed37f7/builds) passes
    - [x]  Assign to endboss for review
    - [x]  Address @DouweM's comments
        - [x]  `protected_branch_params`
        - [x]  `exact_match` instead of `explicit_match`
        - [x]  When would self.name be blank?
        - [x]  Move `protected_branches.each` to a partial
        - [x]  Move `matching_branches.each` to a partial
        - [x]  If the branch is in @matching_branches, it's not been removed
        - [x]  move this regex to a method and memoize it
        - [x]  `commit_sha` directly for exact matches
        - [x]  Number of matches for wildcard matches, with a link
    - [x]  Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/43f9ce0e88194b8f719bb1c1e656b7fc13278d56/builds) to pass
    - [x]  Respond to @DouweM's comments
        - [x]  Don't use iid
        - [x]  Controller should use `@project.protected_branches.new`
        - [x]  move the memoization to `def wildcard_regex`
        - [x]  render with `collection: @protected_branches`
    - [x]  Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/f7beedf122fa0c7aa89e86181fe7499321fb10ca/builds) to pass
    - [x]  Wait for @DouweM's review
    - [x]  Wait for @jschatz1's review
    - [x]  Respond to @jschatz1's comments
        - [x]  Use the new dropdown style
        - [x]  description should be moved to the description section without the styling
        - [x]  Protect button should be disabled when no branch is selected
    - [x]  Update screenshots
    - [x]  Merge conflicts
    - [x]  Make sure [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/20f3cfe8d5540eab64c2ba548043d600b28c61ba/builds) passes
    - [ ]  Revisit performance, possibly with staging/production data
        - [ ]  Get a dump of staging / run against staging live
            - [ ]  Get SSH access to staging
    - [ ]  Wait for review/merge






# Screenshots

## Creating wildcard protected branches

![1](/uploads/9446afccfdf6fa381e00c800dd2cc82e/1.png)
![2](/uploads/0b154503b297a818d3577488c575d845/2.png)
![3](/uploads/36217f79df9e41cc1550601f02627fe8/3.png)
![4](/uploads/041ca9bd529bcfa5373fca67e917cbcb/4.png)

### Using the `GLDropdown` component

![2016-06-30_14-16-15](/uploads/508afc2a5e2463c2954641409a560d88/2016-06-30_14-16-15.gif)

## Enforcing wildcard protected branches

### From the Web UI

![Screen_Shot_2016-06-20_at_1.21.18_PM](/uploads/8b5d4b1911e9152698a0488daf1880bc/Screen_Shot_2016-06-20_at_1.21.18_PM.png)

### Over SSH

![SSH](/uploads/7365989d7e4c406ef37b6ae5106442c9/SSH.gif)

### Over HTTPS

![HTTPS](/uploads/a7c0f56ae58efcffc75e6700fa2f4ac0/HTTPS.gif)

## Listing matching branches

![Screen_Shot_2016-06-20_at_1.33.44_PM](/uploads/d054113022f5d7ec64c0e57e501ac104/Screen_Shot_2016-06-20_at_1.33.44_PM.png)

See merge request !4665</content>
</entry>
<entry>
<title>Modify the frontend for wildcard protected branches.</title>
<updated>2016-07-05T05:20:34+00:00</updated>
<author>
<name>Timothy Andrew</name>
<email>mail@timothyandrew.net</email>
</author>
<published>2016-06-16T07:33:30+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=2a5cb7ec5259123cbbecb0577b9b4afacaf7546a'/>
<id>2a5cb7ec5259123cbbecb0577b9b4afacaf7546a</id>
<content type='text'>
1. Allow entering any branch name for a protected branch.

    - Either pick from a list of options, or enter it manually
    - You can enter wildcards.

2. Display branches matching a protected branch.

    -  Add a `ProtectedBranches#show` page that displays the branches
       matching the given protected branch, or a message if there are no
       matches.

    - On the `index` page, display the last commit for an exact match,
      or the number of matching branches for a wildcard match.

    -  Add an `iid` column to `protected_branches` - this is what we use for
       the `show` page URL.

    -  On the off chance that this feature is unnecessary, this commit
       encapsulates it neatly, so it can be removed without affecting
       anything else.

3. Remove the "Last Commit" column from the list of protected branches.

    - There's no way to pull these for wildcard protected branches, so it's
      best left for the `show` page.

    - Rename the `@branches` instance variable to `@protected_branches`

    - Minor styling changes with the "Unprotect" button - floated right
      like the "Revoke" button for personal access tokens

4. Paginate the list of protected branches.

5. Move the instructions to the left side of the page.
</content>
</entry>
<entry>
<title>Instrument Rinku usage</title>
<updated>2016-07-04T10:20:57+00:00</updated>
<author>
<name>Paco Guzman</name>
<email>pacoguzmanp@gmail.com</email>
</author>
<published>2016-07-04T10:20:57+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=90dc6f1211ab1a9d10c6799d90310dde79581d62'/>
<id>90dc6f1211ab1a9d10c6799d90310dde79581d62</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Enable Style/EmptyLines cop, remove redundant ones</title>
<updated>2016-07-01T19:56:17+00:00</updated>
<author>
<name>Grzegorz Bizon</name>
<email>grzesiek.bizon@gmail.com</email>
</author>
<published>2016-07-01T19:56:17+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=9e211091a85c20adea63b89111240350d6d8ffcb'/>
<id>9e211091a85c20adea63b89111240350d6d8ffcb</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Merge branch 'upgrade-sprockets-rails' into 'master'</title>
<updated>2016-07-01T15:34:04+00:00</updated>
<author>
<name>Robert Speicher</name>
<email>robert@gitlab.com</email>
</author>
<published>2016-07-01T15:34:04+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=b37a8d8f663d625a92fe06a15a89324bd23e239f'/>
<id>b37a8d8f663d625a92fe06a15a89324bd23e239f</id>
<content type='text'>

Upgrade sprockets and sprockets rails, remove quiet_assets

## What does this MR do?

Upgrade Sprockets from 3.6.0 to 3.6.2.

Changelog: https://github.com/rails/sprockets/blob/3.x/CHANGELOG.md

Upgrade Sprockets Rails from 3.0.4 to 3.1.1.

Changelog: https://github.com/rails/sprockets-rails/compare/v3.0.4...v3.1.1

quiet_assets has been seemingly abandoned, and now sprockets-rails has the feature built-in!

The config was added in this PR: https://github.com/rails/sprockets-rails/pull/355

Working towards #14286.

See merge request !5029</content>
</entry>
<entry>
<title>Metrics for Rouge::Plugins::Redcarpet and Rouge::Formatters::HTMLGitlab</title>
<updated>2016-07-01T10:34:28+00:00</updated>
<author>
<name>Paco Guzman</name>
<email>pacoguzmanp@gmail.com</email>
</author>
<published>2016-07-01T09:16:48+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=521454831ee9e899e046ed288596865df55e8832'/>
<id>521454831ee9e899e046ed288596865df55e8832</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Remove quiet_assets in favor of built-in sprockets-rails config.</title>
<updated>2016-06-30T22:18:05+00:00</updated>
<author>
<name>Connor Shea</name>
<email>connor.james.shea@gmail.com</email>
</author>
<published>2016-06-30T22:18:05+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=eb70f051a6fb69542aa4436d808bf32271219da8'/>
<id>eb70f051a6fb69542aa4436d808bf32271219da8</id>
<content type='text'>
quiet_assets has been seemingly abandoned, and now sprockets-rails has the feature built-in!

From this PR: https://github.com/rails/sprockets-rails/pull/355
</content>
</entry>
<entry>
<title>Import from Github using Personal Access Tokens.</title>
<updated>2016-06-30T16:48:17+00:00</updated>
<author>
<name>Eric K Idema</name>
<email>eki@vying.org</email>
</author>
<published>2016-05-02T15:22:38+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=12aa1f898dbfea3aaeb2de351ac1cccef304717f'/>
<id>12aa1f898dbfea3aaeb2de351ac1cccef304717f</id>
<content type='text'>
This stands as an alternative to using OAuth to access a user's GitHub
repositories.  This is set up in such a way that it can be used without OAuth
configuration.

From a UI perspective, the how to import modal has been replaced by a full
page, which includes a form for posting a personal access token back to the
Import::GithubController.

If the user has logged in via GitHub, skip the Personal Access Token and go
directly to GitHub for an access token via OAuth.
</content>
</entry>
<entry>
<title>Merge branch 'rack-request-trusted-proxies' into 'master'</title>
<updated>2016-06-30T15:37:16+00:00</updated>
<author>
<name>Douwe Maan</name>
<email>douwe@gitlab.com</email>
</author>
<published>2016-06-30T15:37:16+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/gitlab/gitlab-ce.git/commit/?id=8a245b80a54f5c26d17eca8287ee6bd82d6f17b1'/>
<id>8a245b80a54f5c26d17eca8287ee6bd82d6f17b1</id>
<content type='text'>

Make Rack::Request use our trusted proxies when filtering IP addresses

## What does this MR do?

This allows us to control the trusted proxies while deployed in a private network.

## Are there points in the code the reviewer needs to double check?

If we want to limit what is impacted, we can do this specifically for the rack_attack request object.

## Why was this MR needed?

Normally Rack::Request will trust all private IPs as trusted proxies, which can cause problems if your users are connecting on your network via private IP ranges.
    
Normally in a rails app this is handled by action_dispatch request, but rack_attack is specifically using the Rack::Request object instead.

## What are the relevant issue numbers?

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17550

## Does this MR meet the acceptance criteria?

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~
- [ ] ~~API support added~~
- Tests
  - [x] Added for this feature/bug
  - [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)


\cc @stanhu

See merge request !4958</content>
</entry>
</feed>
