diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-10 06:09:43 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-10 06:09:43 +0000 |
| commit | 213da19cda5309148952ab770e2a9e122fe32e22 (patch) | |
| tree | 80a48af510839497fa83625a34530543d255a957 | |
| parent | 3591ecba91126089ebf916f9bd95fe497609920c (diff) | |
| download | gitlab-ce-213da19cda5309148952ab770e2a9e122fe32e22.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
47 files changed, 219 insertions, 438 deletions
diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS index 72860a91241..4468934a80b 100644 --- a/.gitlab/CODEOWNERS +++ b/.gitlab/CODEOWNERS @@ -565,7 +565,6 @@ lib/gitlab/checks/** /doc/api/license.md @fneill /doc/api/linked_epics.md @msedlakjakubowski /doc/api/lint.md @marcel.amirault -/doc/api/managed_licenses.md @fneill /doc/api/markdown.md @msedlakjakubowski /doc/api/member_roles.md @jglassman1 /doc/api/members.md @jglassman1 diff --git a/.rubocop_todo/gitlab/namespaced_class.yml b/.rubocop_todo/gitlab/namespaced_class.yml index b7982123489..925b5188c8b 100644 --- a/.rubocop_todo/gitlab/namespaced_class.yml +++ b/.rubocop_todo/gitlab/namespaced_class.yml @@ -821,8 +821,6 @@ Gitlab/NamespacedClass: - 'app/workers/run_pipeline_schedule_worker.rb' - 'app/workers/schedule_merge_request_cleanup_refs_worker.rb' - 'app/workers/schedule_migrate_external_diffs_worker.rb' - - 'app/workers/self_monitoring_project_create_worker.rb' - - 'app/workers/self_monitoring_project_delete_worker.rb' - 'app/workers/service_desk_email_receiver_worker.rb' - 'app/workers/stage_update_worker.rb' - 'app/workers/stuck_ci_jobs_worker.rb' diff --git a/.rubocop_todo/layout/line_end_string_concatenation_indentation.yml b/.rubocop_todo/layout/line_end_string_concatenation_indentation.yml index 29d28b2006a..d1b6eddb465 100644 --- a/.rubocop_todo/layout/line_end_string_concatenation_indentation.yml +++ b/.rubocop_todo/layout/line_end_string_concatenation_indentation.yml @@ -304,7 +304,6 @@ Layout/LineEndStringConcatenationIndentation: - 'spec/requests/api/graphql/mutations/clusters/agents/delete_spec.rb' - 'spec/requests/api/releases_spec.rb' - 'spec/requests/api/users_spec.rb' - - 'spec/requests/self_monitoring_project_spec.rb' - 'spec/rubocop/cop/api/grape_array_missing_coerce_spec.rb' - 'spec/rubocop/cop/group_public_or_visible_to_user_spec.rb' - 'spec/rubocop/cop/migration/create_table_with_foreign_keys_spec.rb' @@ -328,7 +327,6 @@ Layout/LineEndStringConcatenationIndentation: - 'spec/support/shared_examples/features/project_upload_files_shared_examples.rb' - 'spec/support/shared_examples/lib/email/email_shared_examples.rb' - 'spec/support/shared_examples/requests/api/notes_shared_examples.rb' - - 'spec/support/shared_examples/requests/self_monitoring_shared_examples.rb' - 'spec/uploaders/file_mover_spec.rb' - 'spec/views/devise/shared/_signup_box.html.haml_spec.rb' - 'spec/views/projects/pages/show.html.haml_spec.rb' diff --git a/.rubocop_todo/layout/line_length.yml b/.rubocop_todo/layout/line_length.yml index 510c0c3d990..af8f9dd3cb1 100644 --- a/.rubocop_todo/layout/line_length.yml +++ b/.rubocop_todo/layout/line_length.yml @@ -2777,7 +2777,6 @@ Layout/LineLength: - 'lib/gitlab/database/with_lock_retries.rb' - 'lib/gitlab/database/with_lock_retries_outside_transaction.rb' - 'lib/gitlab/database_importers/instance_administrators/create_group.rb' - - 'lib/gitlab/database_importers/self_monitoring/project/create_service.rb' - 'lib/gitlab/dependency_linker/base_linker.rb' - 'lib/gitlab/dependency_linker/go_mod_linker.rb' - 'lib/gitlab/dependency_linker/go_sum_linker.rb' @@ -4001,7 +4000,6 @@ Layout/LineLength: - 'spec/lib/gitlab/database/transaction/observer_spec.rb' - 'spec/lib/gitlab/database/with_lock_retries_outside_transaction_spec.rb' - 'spec/lib/gitlab/database/with_lock_retries_spec.rb' - - 'spec/lib/gitlab/database_importers/self_monitoring/project/create_service_spec.rb' - 'spec/lib/gitlab/database_spec.rb' - 'spec/lib/gitlab/dependency_linker/package_json_linker_spec.rb' - 'spec/lib/gitlab/dependency_linker/requirements_txt_linker_spec.rb' diff --git a/.rubocop_todo/rspec/context_wording.yml b/.rubocop_todo/rspec/context_wording.yml index d33fcb13792..8a5c07c8892 100644 --- a/.rubocop_todo/rspec/context_wording.yml +++ b/.rubocop_todo/rspec/context_wording.yml @@ -2778,7 +2778,6 @@ RSpec/ContextWording: - 'spec/services/metrics/dashboard/grafana_metric_embed_service_spec.rb' - 'spec/services/metrics/dashboard/panel_preview_service_spec.rb' - 'spec/services/metrics/dashboard/pod_dashboard_service_spec.rb' - - 'spec/services/metrics/dashboard/self_monitoring_dashboard_service_spec.rb' - 'spec/services/metrics/dashboard/system_dashboard_service_spec.rb' - 'spec/services/metrics/dashboard/transient_embed_service_spec.rb' - 'spec/services/metrics/dashboard/update_dashboard_service_spec.rb' diff --git a/.rubocop_todo/rspec/expect_in_hook.yml b/.rubocop_todo/rspec/expect_in_hook.yml index de3a77b9139..4003908c97e 100644 --- a/.rubocop_todo/rspec/expect_in_hook.yml +++ b/.rubocop_todo/rspec/expect_in_hook.yml @@ -218,7 +218,6 @@ RSpec/ExpectInHook: - 'spec/lib/gitlab/database/with_lock_retries_spec.rb' - 'spec/lib/gitlab/database_importers/common_metrics/importer_spec.rb' - 'spec/lib/gitlab/database_importers/instance_administrators/create_group_spec.rb' - - 'spec/lib/gitlab/database_importers/self_monitoring/project/create_service_spec.rb' - 'spec/lib/gitlab/diff/highlight_cache_spec.rb' - 'spec/lib/gitlab/email/service_desk_receiver_spec.rb' - 'spec/lib/gitlab/faraday/error_callback_spec.rb' diff --git a/.rubocop_todo/rspec/missing_feature_category.yml b/.rubocop_todo/rspec/missing_feature_category.yml index 4c7a30a32ee..40f4516abb4 100644 --- a/.rubocop_todo/rspec/missing_feature_category.yml +++ b/.rubocop_todo/rspec/missing_feature_category.yml @@ -3556,8 +3556,6 @@ RSpec/MissingFeatureCategory: - 'spec/lib/gitlab/database_importers/common_metrics/importer_spec.rb' - 'spec/lib/gitlab/database_importers/common_metrics/prometheus_metric_spec.rb' - 'spec/lib/gitlab/database_importers/instance_administrators/create_group_spec.rb' - - 'spec/lib/gitlab/database_importers/self_monitoring/project/create_service_spec.rb' - - 'spec/lib/gitlab/database_importers/self_monitoring/project/delete_service_spec.rb' - 'spec/lib/gitlab/default_branch_spec.rb' - 'spec/lib/gitlab/dependency_linker/base_linker_spec.rb' - 'spec/lib/gitlab/dependency_linker/cargo_toml_linker_spec.rb' diff --git a/.rubocop_todo/style/format_string.yml b/.rubocop_todo/style/format_string.yml index aa2b81c8cfc..9d202dcd7fb 100644 --- a/.rubocop_todo/style/format_string.yml +++ b/.rubocop_todo/style/format_string.yml @@ -265,7 +265,6 @@ Style/FormatString: - 'lib/gitlab/database/postgres_hll/batch_distinct_counter.rb' - 'lib/gitlab/database/reindexing/reindex_concurrently.rb' - 'lib/gitlab/database_importers/instance_administrators/create_group.rb' - - 'lib/gitlab/database_importers/self_monitoring/project/create_service.rb' - 'lib/gitlab/email/message/in_product_marketing/base.rb' - 'lib/gitlab/email/message/in_product_marketing/create.rb' - 'lib/gitlab/email/message/in_product_marketing/helper.rb' diff --git a/app/assets/javascripts/work_items/components/work_item_links/work_item_children_wrapper.vue b/app/assets/javascripts/work_items/components/work_item_links/work_item_children_wrapper.vue index 098917f2b56..4b6f581d76d 100644 --- a/app/assets/javascripts/work_items/components/work_item_links/work_item_children_wrapper.vue +++ b/app/assets/javascripts/work_items/components/work_item_links/work_item_children_wrapper.vue @@ -5,7 +5,6 @@ import Draggable from 'vuedraggable'; import { isLoggedIn } from '~/lib/utils/common_utils'; import { DEFAULT_DEBOUNCE_AND_THROTTLE_MS } from '~/lib/utils/constants'; import { defaultSortableOptions } from '~/sortable/constants'; -import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin'; import { WORK_ITEM_TYPE_VALUE_OBJECTIVE } from '../../constants'; import { findHierarchyWidgets, getWorkItemQuery } from '../../utils'; @@ -18,7 +17,6 @@ export default { components: { WorkItemLinkChild, }, - mixins: [glFeatureFlagsMixin()], inject: ['fullPath'], props: { workItemType: { @@ -57,7 +55,7 @@ export default { }, computed: { canReorder() { - return this.glFeatures.workItemsMvc2 && isLoggedIn() && this.canUpdate; + return isLoggedIn() && this.canUpdate; }, treeRootWrapper() { return this.canReorder ? Draggable : 'div'; diff --git a/app/graphql/types/work_item_type.rb b/app/graphql/types/work_item_type.rb index 888f22b4dd3..1e58781dbb9 100644 --- a/app/graphql/types/work_item_type.rb +++ b/app/graphql/types/work_item_type.rb @@ -39,6 +39,18 @@ module Types description: 'Title of the work item.' field :updated_at, Types::TimeType, null: false, description: 'Timestamp of when the work item was last updated.' + + field :create_note_email, GraphQL::Types::String, + null: true, + description: 'User specific email address for the work item.' + + field :reference, GraphQL::Types::String, null: false, + description: 'Internal reference of the work item. Returned in shortened format by default.', + method: :to_reference do + argument :full, GraphQL::Types::Boolean, required: false, default_value: false, + description: 'Boolean option specifying whether the reference should be returned in full.' + end + field :widgets, [Types::WorkItems::WidgetInterface], null: true, @@ -54,5 +66,9 @@ module Types def web_url Gitlab::UrlBuilder.build(object) end + + def create_note_email + object.creatable_note_email_address(context[:current_user]) + end end end diff --git a/app/models/concerns/noteable.rb b/app/models/concerns/noteable.rb index 0333cfc5f9e..65e7f734233 100644 --- a/app/models/concerns/noteable.rb +++ b/app/models/concerns/noteable.rb @@ -198,7 +198,7 @@ module Noteable def creatable_note_email_address(author) return unless supports_creating_notes_by_email? - project_email = project.new_issuable_address(author, self.class.name.underscore) + project_email = project&.new_issuable_address(author, base_class_name.underscore) return unless project_email project_email.sub('@', "-#{iid}@") diff --git a/app/models/integrations/prometheus.rb b/app/models/integrations/prometheus.rb index b148539dec6..2dc0fd7d011 100644 --- a/app/models/integrations/prometheus.rb +++ b/app/models/integrations/prometheus.rb @@ -30,12 +30,9 @@ module Integrations help: -> { s_('PrometheusService|The contents of the credentials.json file of your service account.') }, required: false - # We need to allow the self-monitoring project to connect to the internal - # Prometheus instance. # Since the internal Prometheus instance is usually a localhost URL, we need # to allow localhost URLs when the following conditions are true: - # 1. project is the self-monitoring project. - # 2. api_url is the internal Prometheus URL. + # 1. api_url is the internal Prometheus URL. with_options presence: true do validates :api_url, public_url: true, if: ->(object) { object.manual_configuration? && !object.allow_local_api_url? } validates :api_url, url: true, if: ->(object) { object.manual_configuration? && object.allow_local_api_url? } diff --git a/app/models/project.rb b/app/models/project.rb index 16719316ede..68ed9ad9f93 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -173,8 +173,6 @@ class Project < ApplicationRecord has_one :last_event, -> { order 'events.created_at DESC' }, class_name: 'Event' has_many :boards - has_many :application_setting - def self.integration_association_name(name) "#{name}_integration" end diff --git a/data/deprecations/15-8-third-party-registries.yml b/data/deprecations/15-8-third-party-registries.yml index 6eb49f1dd26..6d583cd3d19 100644 --- a/data/deprecations/15-8-third-party-registries.yml +++ b/data/deprecations/15-8-third-party-registries.yml @@ -6,7 +6,11 @@ stage: Package # (required) String value of the stage that the feature was created in. e.g., Growth issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/376216 # (required) Link to the deprecation issue in GitLab body: | # (required) Do not modify this line, instead modify the lines below. - Using third-party container registries is deprecated in GitLab 15.8 and the end of support is scheduled for GitLab 16.0. Supporting both GitLab's Container Registry and third-party container registries is challenging for maintenance, code quality, and backward compatibility. This hinders our ability to stay [efficient](https://about.gitlab.com/handbook/values/#efficiency). + Using third-party container registries with GitLab as an auth endpoint is deprecated in GitLab 15.8 and the [end of support](https://docs.gitlab.com/ee/development/deprecation_guidelines/#terminology) is scheduled for GitLab 16.0. This impacts self-managed customers that have connected their external registry to the GitLab user interface to find, view, and delete container images. + + Supporting both GitLab's Container Registry as well as third-party container registries is challenging for maintenance, code quality, and backward compatibility. This hinders our ability to stay [efficient](https://about.gitlab.com/handbook/values/#efficiency). As a result we will not support this functionality moving forward. + + This change will not impact your ability to pull and push container images to external registries using pipelines. Since we released the new [GitLab Container Registry](https://gitlab.com/groups/gitlab-org/-/epics/5523) version for GitLab.com, we've started to implement additional features that are not available in third-party container registries. These new features have allowed us to achieve significant performance improvements, such as [cleanup policies](https://gitlab.com/groups/gitlab-org/-/epics/8379). We are focusing on delivering [new features](https://gitlab.com/groups/gitlab-org/-/epics/5136), most of which will require functionalities only available on the GitLab Container Registry. This deprecation allows us to reduce fragmentation and user frustration in the long term by focusing on delivering a more robust integrated registry experience and feature set. diff --git a/data/deprecations/15-9-license-compliance-ci-template.yml b/data/deprecations/15-9-license-compliance-ci-template.yml index 7fd6a348915..edce1062883 100644 --- a/data/deprecations/15-9-license-compliance-ci-template.yml +++ b/data/deprecations/15-9-license-compliance-ci-template.yml @@ -1,14 +1,16 @@ - title: "License Compliance CI Template" announcement_milestone: "15.9" - removal_milestone: "16.0" + removal_milestone: "16.1" breaking_change: true reporter: sam.white stage: secure issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/387561 body: | - The GitLab [License Compliance](https://docs.gitlab.com/ee/user/compliance/license_compliance/) CI template is now deprecated and is scheduled for removal in the GitLab 16.0 release. Users who wish to continue using GitLab for License Compliance should remove the License Compliance template from their CI pipeline and add the [Dependency Scanning template](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#configuration). The Dependency Scanning template is now capable of gathering the required license information so it is no longer necessary to run a separate License Compliance job. The License Compliance CI template should not be removed prior to verifying that the `license_scanning_sbom_scanner` and `package_metadata_synchronization` flags are enabled for the instance and that the instance has been upgraded to a version that supports [the new method of license scanning](https://docs.gitlab.com/ee/user/compliance/license_scanning_of_cyclonedx_files/). + **Update:** We previously announced we would remove the existing License Compliance CI template in GitLab 16.0. However, due to performance issues with the [license scanning of CycloneDX files](https://docs.gitlab.com/ee/user/compliance/license_scanning_of_cyclonedx_files/) we will do this change in 16.1 instead. - | CI Pipeline Includes | GitLab <= 15.8 | 15.9 <= GitLab < 16.0 | GitLab >= 16.0 | + The GitLab [License Compliance](https://docs.gitlab.com/ee/user/compliance/license_compliance/) CI template is now deprecated and is scheduled for removal in the GitLab 16.1 release. Users who wish to continue using GitLab for License Compliance should remove the License Compliance template from their CI pipeline and add the [Dependency Scanning template](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#configuration). The Dependency Scanning template is now capable of gathering the required license information so it is no longer necessary to run a separate License Compliance job. The License Compliance CI template should not be removed prior to verifying that the `license_scanning_sbom_scanner` and `package_metadata_synchronization` flags are enabled for the instance and that the instance has been upgraded to a version that supports [the new method of license scanning](https://docs.gitlab.com/ee/user/compliance/license_scanning_of_cyclonedx_files/). + + | CI Pipeline Includes | GitLab <= 15.8 | 15.9 <= GitLab < 16.1 | GitLab >= 16.1 | | ------------- | ------------- | ------------- | ------------- | | Both DS and LS templates | License data from LS job is used | License data from LS job is used | License data from DS job is used | | DS template is included but LS template is not | No license data | License data from DS job is used | License data from DS job is used | diff --git a/data/removals/16_0/16-0-conan-search-limited-to-project.yml b/data/removals/16_0/16-0-conan-search-limited-to-project.yml new file mode 100644 index 00000000000..bf77ca38ba0 --- /dev/null +++ b/data/removals/16_0/16-0-conan-search-limited-to-project.yml @@ -0,0 +1,11 @@ +# REQUIRED FIELDS +# +- title: Conan project-level search returns only project-specific results" # (required) Clearly explain the change. For example, "The `confidential` field for a `Note` is removed" or "CI/CD job names are limited to 250 characters." + announcement_milestone: "15.8" # (required) The milestone when this feature was deprecated. + removal_milestone: "16.0" # (required) The milestone when this feature is being removed. + breaking_change: true # (required) Change to false if this is not a breaking change. + reporter: trizzi # (required) GitLab username of the person reporting the removal + stage: Package # (required) String value of the stage that the feature was created in. e.g., Growth + issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/384455 # (required) Link to the deprecation issue in GitLab + body: | # (required) Do not modify this line, instead modify the lines below. + The [GitLab Conan repository](https://docs.gitlab.com/ee/user/packages/conan_repository/) supports the `conan search` command, but when searching a project-level endpoint, instance-level Conan packages could have been returned. This unintended functionality is removed in GitLab 16.0. The search endpoint for the project level now only returns packages from the target project. diff --git a/db/structure.sql b/db/structure.sql index 512e27adb6a..94c36a22fd4 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -19585,9 +19585,9 @@ CREATE TABLE packages_npm_metadata_caches ( size integer NOT NULL, file text NOT NULL, package_name text NOT NULL, - object_storage_key character varying(255) NOT NULL, + object_storage_key text NOT NULL, CONSTRAINT check_57aa07a4b2 CHECK ((char_length(file) <= 255)), - CONSTRAINT check_f97c15aa60 CHECK ((char_length((object_storage_key)::text) <= 255)) + CONSTRAINT check_f97c15aa60 CHECK ((char_length(object_storage_key) <= 255)) ); CREATE SEQUENCE packages_npm_metadata_caches_id_seq @@ -31644,6 +31644,8 @@ CREATE INDEX index_packages_maven_metadata_on_package_id_and_path ON packages_ma CREATE INDEX index_packages_maven_metadata_on_path ON packages_maven_metadata USING btree (path); +CREATE UNIQUE INDEX index_packages_npm_metadata_caches_on_object_storage_key ON packages_npm_metadata_caches USING btree (object_storage_key); + CREATE INDEX index_packages_npm_metadata_caches_on_project_id ON packages_npm_metadata_caches USING btree (project_id); CREATE INDEX index_packages_nuget_dl_metadata_on_dependency_link_id ON packages_nuget_dependency_link_metadata USING btree (dependency_link_id); diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index 560f1a4c60a..18e44336223 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -22944,6 +22944,7 @@ Represents vulnerability letter grades with associated projects. | <a id="workitemauthor"></a>`author` **{warning-solid}** | [`UserCore`](#usercore) | **Introduced** in 15.9. This feature is an Experiment. It can be changed or removed at any time. User that created the work item. | | <a id="workitemclosedat"></a>`closedAt` | [`Time`](#time) | Timestamp of when the work item was closed. | | <a id="workitemconfidential"></a>`confidential` | [`Boolean!`](#boolean) | Indicates the work item is confidential. | +| <a id="workitemcreatenoteemail"></a>`createNoteEmail` | [`String`](#string) | User specific email address for the work item. | | <a id="workitemcreatedat"></a>`createdAt` | [`Time!`](#time) | Timestamp of when the work item was created. | | <a id="workitemdescription"></a>`description` | [`String`](#string) | Description of the work item. | | <a id="workitemdescriptionhtml"></a>`descriptionHtml` | [`String`](#string) | GitLab Flavored Markdown rendering of `description`. | @@ -22961,6 +22962,20 @@ Represents vulnerability letter grades with associated projects. | <a id="workitemwidgets"></a>`widgets` | [`[WorkItemWidget!]`](#workitemwidget) | Collection of widgets that belong to the work item. | | <a id="workitemworkitemtype"></a>`workItemType` | [`WorkItemType!`](#workitemtype) | Type assigned to the work item. | +#### Fields with arguments + +##### `WorkItem.reference` + +Internal reference of the work item. Returned in shortened format by default. + +Returns [`String!`](#string). + +###### Arguments + +| Name | Type | Description | +| ---- | ---- | ----------- | +| <a id="workitemreferencefull"></a>`full` | [`Boolean`](#boolean) | Boolean option specifying whether the reference should be returned in full. | + ### `WorkItemPermissions` Check permissions for the current user on a work item. diff --git a/doc/api/rest/deprecations.md b/doc/api/rest/deprecations.md index bf248487cf6..295f869720c 100644 --- a/doc/api/rest/deprecations.md +++ b/doc/api/rest/deprecations.md @@ -49,6 +49,18 @@ API users are encouraged to switch to the new diffs endpoint instead. The `changes from a single merge request` endpoint will be removed in v5 of the GitLab REST API. +## Managed Licenses API endpoint + +Breaking change. [Related issue](https://gitlab.com/gitlab-org/gitlab/-/issues/397067). + +The endpoint to get +[all managed licenses for a given project](../managed_licenses.md) +has been deprecated in favor the +[License Approval policy](../../user/compliance/license_approval_policies.md) feature. +Users who wish to continue to enforce approvals based on detected licenses are encouraged to create a new [License Approval policy](../../user/compliance/license_approval_policies.md) instead. + +The `managed licenses` endpoint will be removed in v5 of the GitLab REST API. + ## Approvers and Approver Group fields in Merge Request Approval API Breaking change. [Related issue](https://gitlab.com/gitlab-org/gitlab/-/issues/353097). diff --git a/doc/api/vulnerability_exports.md b/doc/api/vulnerability_exports.md index 28053eb20b6..c72e4a36929 100644 --- a/doc/api/vulnerability_exports.md +++ b/doc/api/vulnerability_exports.md @@ -8,11 +8,6 @@ info: To determine the technical writer assigned to the Stage/Group associated w > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/197494) in GitLab 12.10. [Updated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/30397) in GitLab 13.0. -WARNING: -This API is in an [Experiment](../policy/alpha-beta-support.md#experiment) and considered unstable. -The response payload may be subject to change or breakage -across GitLab releases. - Every API call to vulnerability exports must be [authenticated](rest/index.md#authentication). ## Create a project-level vulnerability export diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md index d9f231be8bd..b335ff6e6a9 100644 --- a/doc/update/deprecations.md +++ b/doc/update/deprecations.md @@ -639,6 +639,27 @@ We will stop publishing runner images based on the following, end-of-life Alpine - Alpine 3.14 (end-of-life on 2023-05-23) </div> + +<div class="deprecation breaking-change" data-milestone="16.1"> + +### License Compliance CI Template + +<div class="deprecation-notes"> +- Announced in: GitLab <span class="milestone">15.9</span> +- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/) +</div> + +**Update:** We previously announced we would remove the existing License Compliance CI template in GitLab 16.0. However, due to performance issues with the [license scanning of CycloneDX files](https://docs.gitlab.com/ee/user/compliance/license_scanning_of_cyclonedx_files/) we will do this change in 16.1 instead. + +The GitLab [License Compliance](https://docs.gitlab.com/ee/user/compliance/license_compliance/) CI template is now deprecated and is scheduled for removal in the GitLab 16.1 release. Users who wish to continue using GitLab for License Compliance should remove the License Compliance template from their CI pipeline and add the [Dependency Scanning template](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#configuration). The Dependency Scanning template is now capable of gathering the required license information so it is no longer necessary to run a separate License Compliance job. The License Compliance CI template should not be removed prior to verifying that the `license_scanning_sbom_scanner` and `package_metadata_synchronization` flags are enabled for the instance and that the instance has been upgraded to a version that supports [the new method of license scanning](https://docs.gitlab.com/ee/user/compliance/license_scanning_of_cyclonedx_files/). + +| CI Pipeline Includes | GitLab <= 15.8 | 15.9 <= GitLab < 16.1 | GitLab >= 16.1 | +| ------------- | ------------- | ------------- | ------------- | +| Both DS and LS templates | License data from LS job is used | License data from LS job is used | License data from DS job is used | +| DS template is included but LS template is not | No license data | License data from DS job is used | License data from DS job is used | +| LS template is included but DS template is not | License data from LS job is used | License data from LS job is used | No license data | + +</div> </div> <div class="milestone-wrapper" data-milestone="16.0"> @@ -1318,25 +1339,6 @@ Update any scripts or bookmarks that reference the legacy URLs. GitLab APIs are <div class="deprecation breaking-change" data-milestone="16.0"> -### License Compliance CI Template - -<div class="deprecation-notes"> -- Announced in: GitLab <span class="milestone">15.9</span> -- [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/) -</div> - -The GitLab [License Compliance](https://docs.gitlab.com/ee/user/compliance/license_compliance/) CI template is now deprecated and is scheduled for removal in the GitLab 16.0 release. Users who wish to continue using GitLab for License Compliance should remove the License Compliance template from their CI pipeline and add the [Dependency Scanning template](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#configuration). The Dependency Scanning template is now capable of gathering the required license information so it is no longer necessary to run a separate License Compliance job. The License Compliance CI template should not be removed prior to verifying that the `license_scanning_sbom_scanner` and `package_metadata_synchronization` flags are enabled for the instance and that the instance has been upgraded to a version that supports [the new method of license scanning](https://docs.gitlab.com/ee/user/compliance/license_scanning_of_cyclonedx_files/). - -| CI Pipeline Includes | GitLab <= 15.8 | 15.9 <= GitLab < 16.0 | GitLab >= 16.0 | -| ------------- | ------------- | ------------- | ------------- | -| Both DS and LS templates | License data from LS job is used | License data from LS job is used | License data from DS job is used | -| DS template is included but LS template is not | No license data | License data from DS job is used | License data from DS job is used | -| LS template is included but DS template is not | License data from LS job is used | License data from LS job is used | No license data | - -</div> - -<div class="deprecation breaking-change" data-milestone="16.0"> - ### License-Check and the Policies tab on the License Compliance page <div class="deprecation-notes"> @@ -1955,7 +1957,11 @@ You can use the vulnerabilityFindingDismiss GraphQL mutation to set the status o - [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/) </div> -Using third-party container registries is deprecated in GitLab 15.8 and the end of support is scheduled for GitLab 16.0. Supporting both GitLab's Container Registry and third-party container registries is challenging for maintenance, code quality, and backward compatibility. This hinders our ability to stay [efficient](https://about.gitlab.com/handbook/values/#efficiency). +Using third-party container registries with GitLab as an auth endpoint is deprecated in GitLab 15.8 and the [end of support](https://docs.gitlab.com/ee/development/deprecation_guidelines/#terminology) is scheduled for GitLab 16.0. This impacts self-managed customers that have connected their external registry to the GitLab user interface to find, view, and delete container images. + +Supporting both GitLab's Container Registry as well as third-party container registries is challenging for maintenance, code quality, and backward compatibility. This hinders our ability to stay [efficient](https://about.gitlab.com/handbook/values/#efficiency). As a result we will not support this functionality moving forward. + +This change will not impact your ability to pull and push container images to external registries using pipelines. Since we released the new [GitLab Container Registry](https://gitlab.com/groups/gitlab-org/-/epics/5523) version for GitLab.com, we've started to implement additional features that are not available in third-party container registries. These new features have allowed us to achieve significant performance improvements, such as [cleanup policies](https://gitlab.com/groups/gitlab-org/-/epics/8379). We are focusing on delivering [new features](https://gitlab.com/groups/gitlab-org/-/epics/5136), most of which will require functionalities only available on the GitLab Container Registry. This deprecation allows us to reduce fragmentation and user frustration in the long term by focusing on delivering a more robust integrated registry experience and feature set. diff --git a/doc/update/index.md b/doc/update/index.md index ed9d73ba56b..9990a2e8ffe 100644 --- a/doc/update/index.md +++ b/doc/update/index.md @@ -151,7 +151,7 @@ Read how to [upgrade without downtime](zero_downtime.md). ## Upgrading to a new major version Upgrading the *major* version requires more attention. -Backward-incompatible changes and migrations are reserved for major versions. +Backward-incompatible changes are reserved for major versions. Follow the directions carefully as we cannot guarantee that upgrading between major versions is seamless. diff --git a/doc/update/removals.md b/doc/update/removals.md index 3e72b2a7a5e..2085ce94748 100644 --- a/doc/update/removals.md +++ b/doc/update/removals.md @@ -78,6 +78,14 @@ The `CiCdSettingsUpdate` mutation will be removed in GitLab 16.0. Any user scripts that use the `CiCdSettingsUpdate` mutation must be updated to use `ProjectCiCdSettingsUpdate` instead. +### Conan project-level search returns only project-specific results" + +WARNING: +This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/). +Review the details carefully before upgrading. + +The [GitLab Conan repository](https://docs.gitlab.com/ee/user/packages/conan_repository/) supports the `conan search` command, but when searching a project-level endpoint, instance-level Conan packages could have been returned. This unintended functionality is removed in GitLab 16.0. The search endpoint for the project level now only returns packages from the target project. + ### Container Registry pull-through cache is removed WARNING: diff --git a/doc/user/compliance/license_compliance/index.md b/doc/user/compliance/license_compliance/index.md index 95347929d01..b7a68317fba 100644 --- a/doc/user/compliance/license_compliance/index.md +++ b/doc/user/compliance/license_compliance/index.md @@ -11,7 +11,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w > - [Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387561) in GitLab 15.9. WARNING: -This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387561) in GitLab 15.9. You should instead migrate to use [License approval policies](../license_approval_policies.md) and the [new method of license scanning](../license_scanning_of_cyclonedx_files/index.md) prior to GitLab 16.0. +This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387561) in GitLab 15.9. You should instead migrate to use [License approval policies](../license_approval_policies.md) and the [new method of license scanning](../license_scanning_of_cyclonedx_files/index.md) prior to GitLab 16.1. If you're using [GitLab CI/CD](../../../ci/index.md), you can use License Compliance to search your project's dependencies for their licenses. You can then decide whether to allow or deny the use of diff --git a/doc/user/group/iterations/index.md b/doc/user/group/iterations/index.md index 72d3bf65447..9b246e6ad47 100644 --- a/doc/user/group/iterations/index.md +++ b/doc/user/group/iterations/index.md @@ -62,6 +62,8 @@ To create an iteration cadence: - From the **Upcoming iterations** dropdown list, select how many upcoming iterations should be created and maintained by GitLab. - Optional. To move incomplete issues to the next iteration, select **Roll over issues**. + At the end of the current iteration, all open issues are added to the next iteration. + Issues are moved at midnight in the instance time zone (UTC by default). Administrators can change the instance time zone. 1. Select **Create cadence**. The cadence list page opens. If you want to manually manage the created cadence, read [Manual Iteration Management](#manual-iteration-management). diff --git a/doc/user/okrs.md b/doc/user/okrs.md index 450827619fd..675d2d7ad5f 100644 --- a/doc/user/okrs.md +++ b/doc/user/okrs.md @@ -292,3 +292,14 @@ To add an existing key result to an objective: To add multiple objectives, repeat this step. 1. Select **Add key result**. + +### Reorder objective and key result children + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/385887) in GitLab 16.0. + +Prerequisites: + +- You must have at least the Reporter role for the project. + +By default, child OKRs are ordered by creation date. +To reorder them, drag them around. diff --git a/doc/user/tasks.md b/doc/user/tasks.md index c0c0946dd8c..fc232ee298e 100644 --- a/doc/user/tasks.md +++ b/doc/user/tasks.md @@ -158,6 +158,17 @@ To delete a task: 1. In the task window, in the options menu (**{ellipsis_v}**), select **Delete task**. 1. Select **OK**. +## Reorder tasks + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/385887) in GitLab 16.0. + +Prerequisites: + +- You must have at least the Reporter role for the project. + +By default, tasks are ordered by creation date. +To reorder them, drag them around. + ## Assign users to a task > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/334810) in GitLab 15.4. diff --git a/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml index 97a9d94f42a..192d06bfa14 100644 --- a/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml @@ -45,7 +45,7 @@ container_scanning: script: - gtcs scan rules: - - if: $CONTAINER_SCANNING_DISABLED + - if: $CONTAINER_SCANNING_DISABLED == 'true' || $CONTAINER_SCANNING_DISABLED == '1' when: never - if: $CI_COMMIT_BRANCH && $CI_GITLAB_FIPS_MODE == "true" && diff --git a/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml index dd9575371dc..63cf265fc6e 100644 --- a/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml @@ -75,7 +75,7 @@ gemnasium-dependency_scanning: DS_ANALYZER_NAME: "gemnasium" GEMNASIUM_LIBRARY_SCAN_ENABLED: "true" rules: - - if: $DEPENDENCY_SCANNING_DISABLED + - if: $DEPENDENCY_SCANNING_DISABLED == 'true' || $DEPENDENCY_SCANNING_DISABLED == '1' when: never - if: $DS_EXCLUDED_ANALYZERS =~ /gemnasium([^-]|$)/ when: never @@ -104,7 +104,7 @@ gemnasium-maven-dependency_scanning: variables: DS_ANALYZER_NAME: "gemnasium-maven" rules: - - if: $DEPENDENCY_SCANNING_DISABLED + - if: $DEPENDENCY_SCANNING_DISABLED == 'true' || $DEPENDENCY_SCANNING_DISABLED == '1' when: never - if: $DS_EXCLUDED_ANALYZERS =~ /gemnasium-maven/ when: never @@ -135,7 +135,7 @@ gemnasium-python-dependency_scanning: variables: DS_ANALYZER_NAME: "gemnasium-python" rules: - - if: $DEPENDENCY_SCANNING_DISABLED + - if: $DEPENDENCY_SCANNING_DISABLED == 'true' || $DEPENDENCY_SCANNING_DISABLED == '1' when: never - if: $DS_EXCLUDED_ANALYZERS =~ /gemnasium-python/ when: never diff --git a/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml index f8668699fe5..b1c81e9ed5b 100644 --- a/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml @@ -32,7 +32,7 @@ license_scanning: license_scanning: gl-license-scanning-report.json dependencies: [] rules: - - if: $LICENSE_MANAGEMENT_DISABLED + - if: $LICENSE_MANAGEMENT_DISABLED == 'true' || $LICENSE_MANAGEMENT_DISABLED == '1' when: never - if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\blicense_scanning\b/ diff --git a/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml index c195ecd8ee5..a64e1e4a40f 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml @@ -31,10 +31,10 @@ kics-iac-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/kics:$SAST_ANALYZER_IMAGE_TAG$SAST_IMAGE_SUFFIX" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /kics/ when: never diff --git a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml index 123dea09524..d567ab2a141 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml @@ -48,10 +48,10 @@ brakeman-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/brakeman:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /brakeman/ when: never @@ -74,10 +74,10 @@ flawfinder-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/flawfinder:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /flawfinder/ when: never @@ -95,10 +95,10 @@ kubesec-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/kubesec:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /kubesec/ when: never @@ -119,13 +119,13 @@ gosec-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/mobsf:$SAST_ANALYZER_IMAGE_TAG" mobsf-android-sast: extends: .mobsf-sast rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /mobsf/ when: never @@ -138,7 +138,7 @@ mobsf-android-sast: mobsf-ios-sast: extends: .mobsf-sast rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /mobsf/ when: never @@ -153,10 +153,10 @@ nodejs-scan-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/nodejs-scan:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /nodejs-scan/ when: never @@ -169,10 +169,10 @@ phpcs-security-audit-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/phpcs-security-audit:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /phpcs-security-audit/ when: never @@ -185,10 +185,10 @@ pmd-apex-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/pmd-apex:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /pmd-apex/ when: never @@ -211,10 +211,10 @@ semgrep-sast: name: "$SAST_ANALYZER_IMAGE" variables: SEARCH_MAX_DEPTH: 20 - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/semgrep:$SAST_ANALYZER_IMAGE_TAG$SAST_IMAGE_SUFFIX" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /semgrep/ when: never @@ -238,10 +238,10 @@ sobelow-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/sobelow:$SAST_ANALYZER_IMAGE_TAG" rules: - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $SAST_EXCLUDED_ANALYZERS =~ /sobelow/ when: never @@ -254,7 +254,7 @@ spotbugs-sast: image: name: "$SAST_ANALYZER_IMAGE" variables: - SAST_ANALYZER_IMAGE_TAG: 3 + SAST_ANALYZER_IMAGE_TAG: 4 SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/spotbugs:$SAST_ANALYZER_IMAGE_TAG" rules: - if: $SAST_EXCLUDED_ANALYZERS =~ /spotbugs/ @@ -263,7 +263,7 @@ spotbugs-sast: exists: - '**/AndroidManifest.xml' when: never - - if: $SAST_DISABLED + - if: $SAST_DISABLED == 'true' || $SAST_DISABLED == '1' when: never - if: $CI_COMMIT_BRANCH exists: diff --git a/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml index b7a9dbf7bc6..9d0b904117a 100644 --- a/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml @@ -8,7 +8,7 @@ variables: SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" SECRET_DETECTION_IMAGE_SUFFIX: "" - SECRETS_ANALYZER_VERSION: "4" + SECRETS_ANALYZER_VERSION: "5" SECRET_DETECTION_EXCLUDED_PATHS: "" .secret-analyzer: @@ -27,7 +27,7 @@ variables: secret_detection: extends: .secret-analyzer rules: - - if: $SECRET_DETECTION_DISABLED + - if: $SECRET_DETECTION_DISABLED == 'true' || $SECRET_DETECTION_DISABLED == '1' when: never - if: $CI_COMMIT_BRANCH script: diff --git a/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml index 56c46dc216a..544aee904d5 100644 --- a/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml @@ -35,9 +35,12 @@ apifuzzer_fuzz: image: $SECURE_ANALYZERS_PREFIX/$FUZZAPI_IMAGE:$FUZZAPI_VERSION$FUZZAPI_IMAGE_SUFFIX allow_failure: true rules: - - if: $API_FUZZING_DISABLED + - if: $API_FUZZING_DISABLED == 'true' || $API_FUZZING_DISABLED == '1' when: never - - if: $API_FUZZING_DISABLED_FOR_DEFAULT_BRANCH && + - if: $API_FUZZING_DISABLED_FOR_DEFAULT_BRANCH == 'true' && + $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME + when: never + - if: $API_FUZZING_DISABLED_FOR_DEFAULT_BRANCH == '1' && $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME when: never - if: $CI_COMMIT_BRANCH && diff --git a/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.gitlab-ci.yml index 89944e347f6..1f11ec8e288 100644 --- a/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/Coverage-Fuzzing.gitlab-ci.yml @@ -49,6 +49,6 @@ coverage_fuzzing_unlicensed: coverage_fuzzing: gl-coverage-fuzzing-report.json when: always rules: - - if: $COVFUZZ_DISABLED + - if: $COVFUZZ_DISABLED == 'true' || $COVFUZZ_DISABLED == '1' when: never - if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bcoverage_fuzzing\b/ diff --git a/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml index b5ee1e053f2..ee99d3b4614 100644 --- a/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml @@ -35,9 +35,12 @@ dast_api: image: $SECURE_ANALYZERS_PREFIX/$DAST_API_IMAGE:$DAST_API_VERSION$DAST_API_IMAGE_SUFFIX allow_failure: true rules: - - if: $DAST_API_DISABLED + - if: $DAST_API_DISABLED == 'true' || $DAST_API_DISABLED == '1' when: never - - if: $DAST_API_DISABLED_FOR_DEFAULT_BRANCH && + - if: $DAST_API_DISABLED_FOR_DEFAULT_BRANCH == 'true' && + $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME + when: never + - if: $DAST_API_DISABLED_FOR_DEFAULT_BRANCH == '1' && $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME when: never - if: $CI_COMMIT_BRANCH && diff --git a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml index c43296b5865..6e1d96d4add 100644 --- a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml @@ -42,13 +42,23 @@ dast: reports: dast: gl-dast-report.json rules: - - if: $DAST_DISABLED + - if: $DAST_DISABLED == 'true' || $DAST_DISABLED == '1' when: never - - if: $DAST_DISABLED_FOR_DEFAULT_BRANCH && + - if: $DAST_DISABLED_FOR_DEFAULT_BRANCH == 'true' && $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME when: never + - if: $DAST_DISABLED_FOR_DEFAULT_BRANCH == '1' && + $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME + when: never + - if: $CI_DEFAULT_BRANCH != $CI_COMMIT_REF_NAME && + $REVIEW_DISABLED == 'true' + when: never - if: $CI_DEFAULT_BRANCH != $CI_COMMIT_REF_NAME && - $REVIEW_DISABLED + $REVIEW_DISABLED == '1' when: never - if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bdast\b/ + after_script: + # Remove any debug.log files because they might contain secrets. + - rm -f /zap/wrk/**/debug.log + - cp -r /zap/wrk dast_artifacts diff --git a/lib/gitlab/database_importers/instance_administrators/create_group.rb b/lib/gitlab/database_importers/instance_administrators/create_group.rb deleted file mode 100644 index bb489ced3d2..00000000000 --- a/lib/gitlab/database_importers/instance_administrators/create_group.rb +++ /dev/null @@ -1,133 +0,0 @@ -# frozen_string_literal: true - -module Gitlab - module DatabaseImporters - module InstanceAdministrators - class CreateGroup < ::BaseService - include Stepable - - NAME = 'GitLab Instance' - PATH_PREFIX = 'gitlab-instance' - VISIBILITY_LEVEL = Gitlab::VisibilityLevel::INTERNAL - - steps :validate_application_settings, - :validate_admins, - :create_group, - :save_group_id, - :add_group_members, - :track_event - - def initialize - super(nil) - end - - def execute - execute_steps - end - - private - - def validate_application_settings(result) - return success(result) if application_settings - - log_error('No application_settings found') - error(_('No application_settings found')) - end - - def validate_admins(result) - unless instance_admins.any? - log_error('No active admin user found') - return error(_('No active admin user found')) - end - - success(result) - end - - def create_group(result) - if group_created? - log_info(_('Instance administrators group already exists')) - result[:group] = instance_administrators_group - return success(result) - end - - result[:group] = ::Groups::CreateService.new(instance_admins.first, create_group_params).execute - - if result[:group].persisted? - success(result) - else - log_error("Could not create instance administrators group. Errors: %{errors}" % { errors: result[:group].errors.full_messages }) - error(_('Could not create group')) - end - end - - def save_group_id(result) - return success(result) if group_created? - - response = application_settings.update( - instance_administrators_group_id: result[:group].id - ) - - if response - success(result) - else - log_error("Could not save instance administrators group ID, errors: %{errors}" % { errors: application_settings.errors.full_messages }) - error(_('Could not save group ID')) - end - end - - def add_group_members(result) - group = result[:group] - members = group.add_members(members_to_add(group), Gitlab::Access::MAINTAINER) - errors = members.flat_map { |member| member.errors.full_messages } - - if errors.any? - log_error('Could not add admins as members to self-monitoring project. Errors: %{errors}' % { errors: errors }) - error(_('Could not add admins as members')) - else - success(result) - end - end - - def track_event(result) - ::Gitlab::Tracking.event("instance_administrators_group", "group_created", namespace: result[:group]) - - success(result) - end - - def group_created? - instance_administrators_group.present? - end - - def application_settings - @application_settings ||= ApplicationSetting.current_without_cache - end - - def instance_administrators_group - application_settings.instance_administrators_group - end - - def instance_admins - @instance_admins ||= User.admins.active - end - - def members_to_add(group) - # Exclude admins who are already members of group because - # `group.add_members(users)` returns an error if the users parameter contains - # users who are already members of the group. - instance_admins - group.members.collect(&:user) - end - - def create_group_params - { - name: NAME, - visibility_level: VISIBILITY_LEVEL, - - # The 8 random characters at the end are so that the path does not - # clash with any existing group that the user might have created. - path: "#{PATH_PREFIX}-#{SecureRandom.hex(4)}" - } - end - end - end - end -end diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 3e540f31a87..3514adeac4a 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -5627,7 +5627,7 @@ msgstr "" msgid "ApprovalRule|Name" msgstr "" -msgid "ApprovalRule|Needs Triage" +msgid "ApprovalRule|Needs triage" msgstr "" msgid "ApprovalRule|New" @@ -12394,9 +12394,6 @@ msgstr "" msgid "Could not access the Wiki Repository at this time." msgstr "" -msgid "Could not add admins as members" -msgstr "" - msgid "Could not apply %{name} command." msgstr "" @@ -12424,9 +12421,6 @@ msgstr "" msgid "Could not create Wiki Repository at this time. Please try again later." msgstr "" -msgid "Could not create group" -msgstr "" - msgid "Could not create issue" msgstr "" @@ -12484,9 +12478,6 @@ msgstr "" msgid "Could not save configuration. Please refresh the page, or try again later." msgstr "" -msgid "Could not save group ID" -msgstr "" - msgid "Could not update the LDAP settings" msgstr "" @@ -23790,9 +23781,6 @@ msgstr "" msgid "Instance access request rejected" msgstr "" -msgid "Instance administrators group already exists" -msgstr "" - msgid "Instance audit events" msgstr "" @@ -25004,13 +24992,13 @@ msgstr "" msgid "Iterations|Error loading iteration cadences." msgstr "" -msgid "Iterations|Iteration cadences" +msgid "Iterations|Incomplete issues will be added to the next iteration at %{strongStart}midnight, %{timezone}%{strongEnd}." msgstr "" -msgid "Iterations|Iterations are scheduled to start on %{weekday}s." +msgid "Iterations|Iteration cadences" msgstr "" -msgid "Iterations|Move incomplete issues to the next iteration." +msgid "Iterations|Iterations are scheduled to start on %{weekday}s." msgstr "" msgid "Iterations|New iteration" @@ -29696,15 +29684,9 @@ msgstr "" msgid "No access" msgstr "" -msgid "No active admin user found" -msgstr "" - msgid "No activities found" msgstr "" -msgid "No application_settings found" -msgstr "" - msgid "No approvers" msgstr "" @@ -40328,6 +40310,9 @@ msgstr "" msgid "SecurityOrchestration|Description" msgstr "" +msgid "SecurityOrchestration|Details" +msgstr "" + msgid "SecurityOrchestration|Direct" msgstr "" @@ -40622,6 +40607,9 @@ msgstr "" msgid "SecurityOrchestration|View policy project" msgstr "" +msgid "SecurityOrchestration|YAML" +msgstr "" + msgid "SecurityOrchestration|You don't have any security policies yet" msgstr "" diff --git a/qa/Gemfile b/qa/Gemfile index f320c091f7f..2671b9e6b8b 100644 --- a/qa/Gemfile +++ b/qa/Gemfile @@ -9,7 +9,8 @@ gem 'capybara', '~> 3.39.0' gem 'capybara-screenshot', '~> 1.0.26' gem 'rake', '~> 13', '>= 13.0.6' gem 'rspec', '~> 3.12' -gem 'selenium-webdriver', '~> 4.9', '>= 4.9.1' +# 4.9.1 drops Ruby 2.7 support. We can upgrade further after we drop Ruby 2.7 support. +gem 'selenium-webdriver', '= 4.9.0' gem 'airborne', '~> 0.3.7', require: false # airborne is messing with rspec sandboxed mode so not requiring by default gem 'rest-client', '~> 2.1.0' gem 'rspec-retry', '~> 0.6.2', require: 'rspec/retry' diff --git a/qa/Gemfile.lock b/qa/Gemfile.lock index 7b63e25f381..278f902d8d3 100644 --- a/qa/Gemfile.lock +++ b/qa/Gemfile.lock @@ -260,7 +260,7 @@ GEM sawyer (0.9.2) addressable (>= 2.3.5) faraday (>= 0.17.3, < 3) - selenium-webdriver (4.9.1) + selenium-webdriver (4.9.0) rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2, < 3.0) websocket (~> 1.0) @@ -335,7 +335,7 @@ DEPENDENCIES rspec-retry (~> 0.6.2) rspec_junit_formatter (~> 0.6.0) ruby-debug-ide (~> 0.7.3) - selenium-webdriver (~> 4.9, >= 4.9.1) + selenium-webdriver (= 4.9.0) slack-notifier (~> 2.4) terminal-table (~> 3.0.2) warning (~> 1.3) diff --git a/qa/qa/resource/merge_request_from_fork.rb b/qa/qa/resource/merge_request_from_fork.rb index 512f3eb7bfc..3e849aea862 100644 --- a/qa/qa/resource/merge_request_from_fork.rb +++ b/qa/qa/resource/merge_request_from_fork.rb @@ -23,13 +23,14 @@ module QA fork.project.visit! - mr_url = Flow::Login.while_signed_in(as: fork.user) do - Page::Project::Show.perform(&:new_merge_request) - Page::MergeRequest::New.perform(&:create_merge_request) - - current_url - end - + # Ensure we are signed in as fork user and create the MR + Flow::Login.sign_in_unless_signed_in(user: fork.user) + Page::Project::Show.perform(&:new_merge_request) + Page::MergeRequest::New.perform(&:create_merge_request) + Support::WaitForRequests.wait_for_requests + mr_url = current_url + + # Sign back in as original user Flow::Login.sign_in visit(mr_url) end diff --git a/spec/graphql/types/work_item_type_spec.rb b/spec/graphql/types/work_item_type_spec.rb index ef7f9c88445..328450084c2 100644 --- a/spec/graphql/types/work_item_type_spec.rb +++ b/spec/graphql/types/work_item_type_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe GitlabSchema.types['WorkItem'] do +RSpec.describe GitlabSchema.types['WorkItem'], feature_category: :team_planning do specify { expect(described_class.graphql_name).to eq('WorkItem') } specify { expect(described_class).to require_graphql_authorizations(:read_work_item) } @@ -29,6 +29,8 @@ RSpec.describe GitlabSchema.types['WorkItem'] do updated_at closed_at web_url + create_note_email + reference ] expect(described_class).to have_graphql_fields(*fields) diff --git a/spec/lib/gitlab/database_importers/instance_administrators/create_group_spec.rb b/spec/lib/gitlab/database_importers/instance_administrators/create_group_spec.rb deleted file mode 100644 index 68c29bad287..00000000000 --- a/spec/lib/gitlab/database_importers/instance_administrators/create_group_spec.rb +++ /dev/null @@ -1,169 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe Gitlab::DatabaseImporters::InstanceAdministrators::CreateGroup do - describe '#execute' do - let(:result) { subject.execute } - - context 'without application_settings' do - it 'returns error' do - expect(subject).to receive(:log_error).and_call_original - expect(result).to eq( - status: :error, - message: 'No application_settings found', - last_step: :validate_application_settings - ) - - expect(Group.count).to eq(0) - end - end - - context 'without admin users' do - let(:application_setting) { Gitlab::CurrentSettings.current_application_settings } - - before do - allow(ApplicationSetting).to receive(:current_without_cache) { application_setting } - end - - it 'returns error' do - expect(subject).to receive(:log_error).and_call_original - expect(result).to eq( - status: :error, - message: 'No active admin user found', - last_step: :validate_admins - ) - - expect(Group.count).to eq(0) - end - end - - context( - 'with application settings and admin users', - :do_not_mock_admin_mode_setting, - :do_not_stub_snowplow_by_default - ) do - let(:group) { result[:group] } - let(:application_setting) { Gitlab::CurrentSettings.current_application_settings } - - let!(:user) { create(:user, :admin) } - - before do - allow(ApplicationSetting).to receive(:current_without_cache) { application_setting } - end - - it 'returns correct keys' do - expect(result.keys).to contain_exactly( - :status, :group - ) - end - - it "tracks successful install" do - expect(::Gitlab::Tracking).to receive(:event).with( - 'instance_administrators_group', 'group_created', namespace: group - ) - - subject.execute - end - - it 'creates group' do - expect(result[:status]).to eq(:success) - expect(group).to be_persisted - expect(group.name).to eq('GitLab Instance') - expect(group.path).to start_with('gitlab-instance') - expect(group.path.split('-').last.length).to eq(8) - expect(group.visibility_level).to eq(described_class::VISIBILITY_LEVEL) - end - - it 'adds all admins as maintainers' do - admin1 = create(:user, :admin) - admin2 = create(:user, :admin) - create(:user) - - expect(result[:status]).to eq(:success) - group.reset - expect(group.members.collect(&:user)).to contain_exactly(user, admin1, admin2) - expect(group.members.collect(&:access_level)).to contain_exactly( - Gitlab::Access::OWNER, - Gitlab::Access::MAINTAINER, - Gitlab::Access::MAINTAINER - ) - end - - it 'saves the group id' do - expect(result[:status]).to eq(:success) - expect(application_setting.instance_administrators_group_id).to eq(group.id) - end - - it 'returns error when saving group ID fails' do - allow(application_setting).to receive(:save) { false } - - expect(result).to eq( - status: :error, - message: 'Could not save group ID', - last_step: :save_group_id - ) - end - - context 'when group already exists' do - let(:existing_group) { create(:group) } - - before do - admin1 = create(:user, :admin) - admin2 = create(:user, :admin) - - existing_group.add_owner(user) - existing_group.add_members([admin1, admin2], Gitlab::Access::MAINTAINER) - - application_setting.instance_administrators_group_id = existing_group.id - end - - it 'returns success' do - expect(result).to eq( - status: :success, - group: existing_group - ) - - expect(Group.count).to eq(1) - end - end - - context 'when group cannot be created' do - let(:group) { build(:group) } - - before do - group.errors.add(:base, "Test error") - - expect_next_instance_of(::Groups::CreateService) do |group_create_service| - expect(group_create_service).to receive(:execute) - .and_return(group) - end - end - - it 'returns error' do - expect(subject).to receive(:log_error).and_call_original - expect(result).to eq( - status: :error, - message: 'Could not create group', - last_step: :create_group - ) - end - end - - context 'when user cannot be added to group' do - before do - subject.instance_variable_set(:@instance_admins, [user, build(:user, :admin)]) - end - - it 'returns error' do - expect(subject).to receive(:log_error).and_call_original - expect(result).to eq( - status: :error, - message: 'Could not add admins as members', - last_step: :add_group_members - ) - end - end - end - end -end diff --git a/spec/requests/api/graphql/work_item_spec.rb b/spec/requests/api/graphql/work_item_spec.rb index 85e5ca26c0c..dc5004a121b 100644 --- a/spec/requests/api/graphql/work_item_spec.rb +++ b/spec/requests/api/graphql/work_item_spec.rb @@ -36,9 +36,15 @@ RSpec.describe 'Query.work_item(id)', feature_category: :team_planning do end context 'when the user can read the work item' do + let(:incoming_email_token) { current_user.incoming_email_token } + let(:work_item_email) do + "p+#{project.full_path_slug}-#{project.project_id}-#{incoming_email_token}-issue-#{work_item.iid}@gl.ab" + end + before do project.add_developer(developer) project.add_guest(guest) + stub_incoming_email_setting(enabled: true, address: "p+%{key}@gl.ab") post_graphql(query, current_user: current_user) end @@ -55,6 +61,8 @@ RSpec.describe 'Query.work_item(id)', feature_category: :team_planning do 'title' => work_item.title, 'confidential' => work_item.confidential, 'workItemType' => hash_including('id' => work_item.work_item_type.to_gid.to_s), + 'reference' => work_item.to_reference, + 'createNoteEmail' => work_item_email, 'userPermissions' => { 'readWorkItem' => true, 'updateWorkItem' => true, diff --git a/spec/requests/api/search_spec.rb b/spec/requests/api/search_spec.rb index b4818f79ec7..a315bca58d1 100644 --- a/spec/requests/api/search_spec.rb +++ b/spec/requests/api/search_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe API::Search, feature_category: :global_search do +RSpec.describe API::Search, :clean_gitlab_redis_rate_limiting, feature_category: :global_search do let_it_be(:user) { create(:user) } let_it_be(:group) { create(:group) } let_it_be(:project, reload: true) { create(:project, :wiki_repo, :public, name: 'awesome project', group: group) } @@ -10,8 +10,6 @@ RSpec.describe API::Search, feature_category: :global_search do before do allow(Gitlab::ApplicationRateLimiter).to receive(:threshold).and_return(0) - allow(Gitlab::ApplicationRateLimiter).to receive(:threshold).with(:search_rate_limit).and_return(1000) - allow(Gitlab::ApplicationRateLimiter).to receive(:threshold).with(:search_rate_limit_unauthenticated).and_return(1000) end shared_examples 'response is correct' do |schema:, size: 1| diff --git a/spec/support/rspec_order_todo.yml b/spec/support/rspec_order_todo.yml index 49f71acd3a8..921470cdf5c 100644 --- a/spec/support/rspec_order_todo.yml +++ b/spec/support/rspec_order_todo.yml @@ -1349,7 +1349,6 @@ - './ee/spec/lib/gitlab/ci/templates/Jobs/browser_performance_testing_gitlab_ci_yaml_spec.rb' - './ee/spec/lib/gitlab/ci/templates/Jobs/dast_default_branch_gitlab_ci_yaml_spec.rb' - './ee/spec/lib/gitlab/ci/templates/Jobs/load_performance_testing_gitlab_ci_yaml_spec.rb' -- './ee/spec/lib/gitlab/ci/templates/license_scanning_gitlab_ci_yaml_spec.rb' - './ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb' - './ee/spec/lib/gitlab/ci/templates/sast_iac_gitlab_ci_yaml_spec.rb' - './ee/spec/lib/gitlab/ci/templates/sast_latest_gitlab_ci_yaml_spec.rb' @@ -6112,8 +6111,6 @@ - './spec/lib/gitlab/database_importers/common_metrics/importer_spec.rb' - './spec/lib/gitlab/database_importers/common_metrics/prometheus_metric_spec.rb' - './spec/lib/gitlab/database_importers/instance_administrators/create_group_spec.rb' -- './spec/lib/gitlab/database_importers/self_monitoring/project/create_service_spec.rb' -- './spec/lib/gitlab/database_importers/self_monitoring/project/delete_service_spec.rb' - './spec/lib/gitlab/database_importers/work_items/base_type_importer_spec.rb' - './spec/lib/gitlab/database/load_balancing/action_cable_callbacks_spec.rb' - './spec/lib/gitlab/database/load_balancing/configuration_spec.rb' @@ -8696,7 +8693,6 @@ - './spec/requests/runner_setup_controller_spec.rb' - './spec/requests/sandbox_controller_spec.rb' - './spec/requests/search_controller_spec.rb' -- './spec/requests/self_monitoring_project_spec.rb' - './spec/requests/sessions_spec.rb' - './spec/requests/terraform/services_controller_spec.rb' - './spec/requests/user_activity_spec.rb' @@ -9355,7 +9351,6 @@ - './spec/services/metrics/dashboard/grafana_metric_embed_service_spec.rb' - './spec/services/metrics/dashboard/panel_preview_service_spec.rb' - './spec/services/metrics/dashboard/pod_dashboard_service_spec.rb' -- './spec/services/metrics/dashboard/self_monitoring_dashboard_service_spec.rb' - './spec/services/metrics/dashboard/system_dashboard_service_spec.rb' - './spec/services/metrics/dashboard/transient_embed_service_spec.rb' - './spec/services/metrics/dashboard/update_dashboard_service_spec.rb' @@ -10270,8 +10265,6 @@ - './spec/workers/run_pipeline_schedule_worker_spec.rb' - './spec/workers/schedule_merge_request_cleanup_refs_worker_spec.rb' - './spec/workers/schedule_migrate_external_diffs_worker_spec.rb' -- './spec/workers/self_monitoring_project_create_worker_spec.rb' -- './spec/workers/self_monitoring_project_delete_worker_spec.rb' - './spec/workers/service_desk_email_receiver_worker_spec.rb' - './spec/workers/snippets/schedule_bulk_repository_shard_moves_worker_spec.rb' - './spec/workers/snippets/update_repository_storage_worker_spec.rb' |