authorGitLab Bot <gitlab-bot@gitlab.com>2022-06-10 21:09:35 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2022-06-10 21:09:35 +0000
commit6ae4485274362bf656fae249a1409266a211d255 (patch)
tree91401fff86a431833c57cc145f8c5d6bc1142318
parent2f7719abdfde4cb50ed05346b98bac26ea06a8de (diff)
downloadgitlab-ce-6ae4485274362bf656fae249a1409266a211d255.tar.gz
Add latest changes from gitlab-org/gitlab@master
-rw-r--r--.rubocop.yml2
-rw-r--r--app/controllers/projects/usage_quotas_controller.rb4
-rw-r--r--app/models/container_registry/event.rb1
-rw-r--r--app/models/hooks/web_hook.rb25
-rw-r--r--app/models/project_statistics.rb2
-rw-r--r--app/validators/json_schemas/web_hooks_url_variables.json14
-rw-r--r--app/views/admin/application_settings/_usage.html.haml2
-rw-r--r--app/views/ci/variables/_header.html.haml2
-rw-r--r--app/views/projects/cleanup/_show.html.haml2
-rw-r--r--app/views/projects/default_branch/_show.html.haml2
-rw-r--r--app/views/projects/edit.html.haml14
-rw-r--r--app/views/projects/mirrors/_mirror_repos.html.haml2
-rw-r--r--app/views/projects/protected_branches/shared/_index.html.haml4
-rw-r--r--app/views/projects/protected_tags/shared/_index.html.haml4
-rw-r--r--app/views/projects/settings/ci_cd/show.html.haml14
-rw-r--r--app/views/projects/settings/operations/_alert_management.html.haml2
-rw-r--r--app/views/projects/settings/operations/_error_tracking.html.haml2
-rw-r--r--app/views/projects/settings/operations/_tracing.html.haml2
-rw-r--r--app/views/shared/deploy_keys/_index.html.haml4
-rw-r--r--app/views/shared/notes/_edit_form.html.haml2
-rw-r--r--config/feature_flags/development/container_registry_project_statistics.yml8
-rw-r--r--data/deprecations/15-1-pipelinesecurityreportfinding-name.yml16
-rw-r--r--data/deprecations/15-1-pipelinesecurityreportfinding-projectfingerprint.yml16
-rw-r--r--data/deprecations/15-1-project-pipeline-securityReportFindings.yml16
-rw-r--r--db/migrate/20220605170009_add_url_vars_to_web_hook.rb8
-rw-r--r--db/schema_migrations/202206051700091
-rw-r--r--db/structure.sql4
-rw-r--r--doc/update/deprecations.md42
-rw-r--r--spec/models/concerns/sensitive_serializable_hash_spec.rb9
-rw-r--r--spec/models/container_registry/event_spec.rb8
-rw-r--r--spec/models/hooks/web_hook_spec.rb43
-rw-r--r--spec/models/project_statistics_spec.rb14
-rw-r--r--spec/requests/projects/usage_quotas_spec.rb21
33 files changed, 224 insertions, 88 deletions
diff --git a/.rubocop.yml b/.rubocop.yml
index 6e63c7794a2..185a2497c93 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -13,6 +13,8 @@ inherit_from:
<% end %>
- '.rubocop_todo.yml'
<% end %>
+ <%# See https://gitlab.com/gitlab-org/gitlab/-/issues/321982#rubymine-note for context on why namespaced_class has special handling here %>
+ - ./.rubocop_todo/gitlab/namespaced_class.yml
- ./rubocop/rubocop-migrations.yml
- ./rubocop/rubocop-usage-data.yml
- ./rubocop/rubocop-code_reuse.yml
diff --git a/app/controllers/projects/usage_quotas_controller.rb b/app/controllers/projects/usage_quotas_controller.rb
index f52b9f30250..07a3c010f4f 100644
--- a/app/controllers/projects/usage_quotas_controller.rb
+++ b/app/controllers/projects/usage_quotas_controller.rb
@@ -3,10 +3,6 @@
class Projects::UsageQuotasController < Projects::ApplicationController
before_action :authorize_read_usage_quotas!
- before_action do
- push_frontend_feature_flag(:container_registry_project_statistics, project)
- end
-
layout "project_settings"
feature_category :utilization
diff --git a/app/models/container_registry/event.rb b/app/models/container_registry/event.rb
index b9fa61b4edf..47d21d21afd 100644
--- a/app/models/container_registry/event.rb
+++ b/app/models/container_registry/event.rb
@@ -76,7 +76,6 @@ module ContainerRegistry
return unless supported?
return unless target_tag?
return unless project
- return unless Feature.enabled?(:container_registry_project_statistics, project)
Rails.cache.delete(project.root_ancestor.container_repositories_size_cache_key)
ProjectCacheWorker.perform_async(project.id, [], [:container_registry_size])
diff --git a/app/models/hooks/web_hook.rb b/app/models/hooks/web_hook.rb
index fc22a39a490..f239c26773e 100644
--- a/app/models/hooks/web_hook.rb
+++ b/app/models/hooks/web_hook.rb
@@ -19,6 +19,15 @@ class WebHook < ApplicationRecord
algorithm: 'aes-256-gcm',
key: Settings.attr_encrypted_db_key_base_32
+ attr_encrypted :url_variables,
+ mode: :per_attribute_iv,
+ key: Settings.attr_encrypted_db_key_base_32,
+ algorithm: 'aes-256-gcm',
+ marshal: true,
+ marshaler: ::Gitlab::Json,
+ encode: false,
+ encode_iv: false
+
has_many :web_hook_logs
validates :url, presence: true
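Review bot: The new `attr_encrypted :url_variables` declaration has no comment saying what the attribute holds or how it is serialized, and `marshal: true` is easy to misread as Ruby `Marshal`. A comment such as `# Hash of URL variables, serialized with ::Gitlab::Json (not Marshal); ciphertext and IV are stored as raw bytes, hence encode: false / encode_iv: false` would make both points explicit. The attribute shares `Settings.attr_encrypted_db_key_base_32` with the declaration above it, so with AES-GCM its safety depends on every write getting a fresh IV. If not already covered, a spec asserting that `encrypted_url_variables_iv` changes on reassignment would pin that. The WebHook class body continues outside the hunk.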
@@ -26,6 +35,9 @@ class WebHook < ApplicationRecord
validates :token, format: { without: /\n/ }
validates :push_events_branch_filter, branch_filter: true
+ validates :url_variables, json_schema: { filename: 'web_hooks_url_variables' }
+
+ after_initialize :initialize_url_variables
scope :executable, -> do
next all unless Feature.enabled?(:web_hooks_disable_failed)
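Review bot: `after_initialize :initialize_url_variables` fires for every instantiated WebHook, including rows loaded from the database, and the callback (defined in the last hunk of this file) reads `encrypted_url_variables` unconditionally. A query that loads hooks with a `select` omitting that column would presumably raise `ActiveModel::MissingAttributeError` inside the callback. The assignment also likely leaves existing rows with a NULL column marked as changed right after load, so an unrelated save would write the new ciphertext and IV. Guarding the callback body, `self.url_variables = {} if has_attribute?(:encrypted_url_variables) && encrypted_url_variables.nil?`, covers the first case. The second is worth a spec asserting that a freshly loaded legacy hook is not `changed?`.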
@@ -150,9 +162,22 @@ class WebHook < ApplicationRecord
end
end
+ # Exclude binary columns by default - they have no sensible JSON encoding
+ def serializable_hash(options = nil)
+ options = options.try(:dup) || {}
+ options[:except] = Array(options[:except]).dup
+ options[:except].concat [:encrypted_url_variables, :encrypted_url_variables_iv]
+
+ super(options)
+ end
+
private
def web_hooks_disable_failed?
Feature.enabled?(:web_hooks_disable_failed)
end
+
+ def initialize_url_variables
+ self.url_variables = {} if encrypted_url_variables.nil?
+ end
end
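Review bot: The comment on `serializable_hash` justifies the exclusion only by JSON encoding, but the two columns are also the ciphertext and IV of an encrypted attribute, which is the stronger reason to keep them out of serialized output. The override only extends `options[:except]`; ActiveModel applies `:except` only when `:only` is absent, so a caller that passes `only:` naming these columns would still get them. I would reword the comment to `# Never serialize the url_variables ciphertext or IV: they are binary and belong to an encrypted attribute. A caller-supplied :only takes precedence over :except.` If the exclusion must hold unconditionally, filter the result of `super` instead. The class body starts outside the hunk.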
diff --git a/app/models/project_statistics.rb b/app/models/project_statistics.rb
index 5f972c1f506..a0af1b47d01 100644
--- a/app/models/project_statistics.rb
+++ b/app/models/project_statistics.rb
@@ -77,8 +77,6 @@ class ProjectStatistics < ApplicationRecord
end
def update_container_registry_size
- return unless Feature.enabled?(:container_registry_project_statistics, project)
-
self.container_registry_size = project.container_repositories_size || 0
end
diff --git a/app/validators/json_schemas/web_hooks_url_variables.json b/app/validators/json_schemas/web_hooks_url_variables.json
new file mode 100644
index 00000000000..d23a19bf47a
--- /dev/null
+++ b/app/validators/json_schemas/web_hooks_url_variables.json
@@ -0,0 +1,14 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "description": "WebHook#url_variables",
+ "type": "object",
+ "additionalProperties": false,
+ "maxProperties": 20,
+ "patternProperties": {
+ "^[A-Za-z_][A-Za-z0-9_]*$": {
+ "type": "string",
+ "minLength": 1,
+ "maxLength": 100
+ }
+ }
+}
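Review bot: The key pattern `^[A-Za-z_][A-Za-z0-9_]*$` bounds the whole key only if the validator treats `^` and `$` as string anchors. A validator that passes the pattern unchanged to Ruby's regex engine would match per line, so a key with an embedded newline could pass. Which behaviour applies depends on the `json_schema` validator implementation, which is not visible here. A model spec asserting that a key such as `"a\nb-c"` (constructed example) is rejected would settle it. Values are limited only by length (1–100), so any character restrictions needed where the variables are consumed have to be enforced there.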
diff --git a/app/views/admin/application_settings/_usage.html.haml b/app/views/admin/application_settings/_usage.html.haml
index 8b4ac9b79c8..c9ed2309cec 100644
--- a/app/views/admin/application_settings/_usage.html.haml
+++ b/app/views/admin/application_settings/_usage.html.haml
@@ -21,7 +21,7 @@
checkbox_options: { disabled: !can_be_configured, data: { qa_selector: 'enable_usage_data_checkbox' } }
.form-text.gl-pl-6
- if can_be_configured
- %button.gl-button.btn.btn-default.js-payload-preview-trigger{ type: 'button', data: { payload_selector: ".#{payload_class}" } }
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-payload-preview-trigger', data: { payload_selector: ".#{payload_class}" } }) do
= gl_loading_icon(css_class: 'js-spinner gl-display-none gl-mr-2')
.js-text.gl-display-inline= s_('AdminSettings|Preview payload')
%pre.service-data-payload-container.js-syntax-highlight.code.highlight.gl-mt-2.gl-display-none{ class: payload_class, data: { endpoint: usage_data_admin_application_settings_path(format: :html) } }
diff --git a/app/views/ci/variables/_header.html.haml b/app/views/ci/variables/_header.html.haml
index 392ff927f01..d6a9ce72d03 100644
--- a/app/views/ci/variables/_header.html.haml
+++ b/app/views/ci/variables/_header.html.haml
@@ -3,7 +3,7 @@
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _('Variables')
-%button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
+= render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
diff --git a/app/views/projects/cleanup/_show.html.haml b/app/views/projects/cleanup/_show.html.haml
index 5e14b6dacfd..c53205b6c58 100644
--- a/app/views/projects/cleanup/_show.html.haml
+++ b/app/views/projects/cleanup/_show.html.haml
@@ -3,7 +3,7 @@
%section.settings.no-animate#cleanup{ class: ('expanded' if expanded) }
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Repository cleanup')
- %button.btn.gl-button.btn-default.js-settings-toggle
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
- link_url = 'https://github.com/newren/git-filter-repo'
diff --git a/app/views/projects/default_branch/_show.html.haml b/app/views/projects/default_branch/_show.html.haml
index 2d3d36a9157..b1fb9c70a54 100644
--- a/app/views/projects/default_branch/_show.html.haml
+++ b/app/views/projects/default_branch/_show.html.haml
@@ -3,7 +3,7 @@
%section.settings.no-animate#default-branch-settings{ class: ('expanded' if expanded) }
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Default branch')
- %button.btn.gl-button.btn-default.js-settings-toggle
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= _('Set the default branch for this project. All merge requests and commits are made against this branch unless you specify a different one.')
diff --git a/app/views/projects/edit.html.haml b/app/views/projects/edit.html.haml
index 92dbde07709..41d6b7086c1 100644
--- a/app/views/projects/edit.html.haml
+++ b/app/views/projects/edit.html.haml
@@ -10,14 +10,16 @@
%section.settings.general-settings.no-animate.expanded#js-general-settings
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Naming, topics, avatar')
- %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }= _('Collapse')
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
+ = _('Collapse')
%p= _('Update your project name, topics, description, and avatar.')
.settings-content= render 'projects/settings/general'
%section.settings.sharing-permissions.no-animate#js-shared-permissions{ class: ('expanded' if expanded), data: { qa_selector: 'visibility_features_permissions_content' } }
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Visibility, project features, permissions')
- %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }= expanded ? _('Collapse') : _('Expand')
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
+ = expanded ? _('Collapse') : _('Expand')
%p= _('Choose visibility level, enable/disable project features and their permissions, disable email notifications, and show default award emoji.')
.settings-content
@@ -29,7 +31,8 @@
%section.rspec-merge-request-settings.settings.merge-requests-feature.no-animate#js-merge-request-settings{ class: [('expanded' if expanded), ('hidden' if @project.project_feature.send(:merge_requests_access_level) == 0)], data: { qa_selector: 'merge_request_settings_content' } }
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Merge requests')
- %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }= expanded ? _('Collapse') : _('Expand')
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
+ = expanded ? _('Collapse') : _('Expand')
= render_if_exists 'projects/merge_request_settings_description_text'
.settings-content
@@ -47,7 +50,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= s_('ProjectSettings|Badges')
- %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= s_('ProjectSettings|Customize this project\'s badges.')
@@ -64,7 +67,8 @@
%section.settings.advanced-settings.no-animate#js-project-advanced-settings{ class: ('expanded' if expanded), data: { qa_selector: 'advanced_settings_content' } }
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Advanced')
- %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }= expanded ? _('Collapse') : _('Expand')
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
+ = expanded ? _('Collapse') : _('Expand')
%p= s_('ProjectSettings|Housekeeping, export, archive, change path, transfer, and delete.')
.settings-content
diff --git a/app/views/projects/mirrors/_mirror_repos.html.haml b/app/views/projects/mirrors/_mirror_repos.html.haml
index d689b54678e..b1842c8c5db 100644
--- a/app/views/projects/mirrors/_mirror_repos.html.haml
+++ b/app/views/projects/mirrors/_mirror_repos.html.haml
@@ -6,7 +6,7 @@
%section.settings.project-mirror-settings.no-animate#js-push-remote-settings{ class: mirror_settings_class, data: { qa_selector: 'mirroring_repositories_settings_content' } }
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Mirroring repositories')
- %button.btn.gl-button.btn-default.js-settings-toggle
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= _('Set up your project to automatically push and/or pull changes to/from another repository. Branches, tags, and commits will be synced automatically.')
diff --git a/app/views/projects/protected_branches/shared/_index.html.haml b/app/views/projects/protected_branches/shared/_index.html.haml
index 2e9a9357fb0..1d60791eae2 100644
--- a/app/views/projects/protected_branches/shared/_index.html.haml
+++ b/app/views/projects/protected_branches/shared/_index.html.haml
@@ -4,8 +4,8 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= s_("ProtectedBranch|Protected branches")
- %button.btn.gl-button.btn-default.js-settings-toggle.qa-expand-protected-branches{ type: 'button' }
- = expanded ? 'Collapse' : 'Expand'
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle qa-expand-protected-branches' }) do
+ = expanded ? _('Collapse') : _('Expand')
%p
= s_("ProtectedBranch|Keep stable branches secure and force developers to use merge requests.")
= link_to s_("ProtectedBranch|What are protected branches?"), help_page_path("user/project/protected_branches")
diff --git a/app/views/projects/protected_tags/shared/_index.html.haml b/app/views/projects/protected_tags/shared/_index.html.haml
index 8f5ce798dc7..11e09d843e0 100644
--- a/app/views/projects/protected_tags/shared/_index.html.haml
+++ b/app/views/projects/protected_tags/shared/_index.html.haml
@@ -4,8 +4,8 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= s_("ProtectedTag|Protected tags")
- %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
- = expanded ? 'Collapse' : 'Expand'
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
+ = expanded ? _('Collapse') : _('Expand')
%p
= s_("ProtectedTag|Limit access to creating and updating tags.")
= link_to s_("ProtectedTag|What are protected tags?"), help_page_path("user/project/protected_tags")
diff --git a/app/views/projects/settings/ci_cd/show.html.haml b/app/views/projects/settings/ci_cd/show.html.haml
index 683de30af49..5da3d2b891c 100644
--- a/app/views/projects/settings/ci_cd/show.html.haml
+++ b/app/views/projects/settings/ci_cd/show.html.haml
@@ -9,7 +9,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _("General pipelines")
- %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= _("Customize your pipeline configuration.")
@@ -20,7 +20,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= s_('CICD|Auto DevOps')
- %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
- auto_devops_url = help_page_path('topics/autodevops/index')
@@ -37,7 +37,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _("Runners")
- %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= _("Runners are processes that pick up and execute CI/CD jobs for GitLab.")
@@ -50,7 +50,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _("Artifacts")
- %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= _("A job artifact is an archive of files and directories saved by a job when it finishes.")
@@ -67,7 +67,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _("Pipeline triggers")
- %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= _("Trigger a pipeline for a branch or tag by generating a trigger token and using it with an API call. The token impersonates a user's project access and permissions.")
@@ -82,7 +82,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _("Deploy freezes")
- %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
- freeze_period_docs = help_page_path('user/project/releases/index', anchor: 'prevent-unintentional-releases-by-setting-a-deploy-freeze')
@@ -100,7 +100,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _("Token Access")
- %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= expanded ? _('Collapse') : _('Expand')
%p
= _("Control which projects can be accessed by API requests authenticated with this project's CI_JOB_TOKEN CI/CD variable. It is a security risk to disable this feature, because unauthorized projects might attempt to retrieve an active token and access the API.")
diff --git a/app/views/projects/settings/operations/_alert_management.html.haml b/app/views/projects/settings/operations/_alert_management.html.haml
index 34255af9cc6..d80f1e4597c 100644
--- a/app/views/projects/settings/operations/_alert_management.html.haml
+++ b/app/views/projects/settings/operations/_alert_management.html.haml
@@ -7,7 +7,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _('Alerts')
- %button.gl-button.btn.btn-default.js-settings-toggle{ type: 'button' }
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= _('Expand')
%p
= _('Display alerts from all configured monitoring tools.')
diff --git a/app/views/projects/settings/operations/_error_tracking.html.haml b/app/views/projects/settings/operations/_error_tracking.html.haml
index 23b1ec4dea3..5d89790ef9f 100644
--- a/app/views/projects/settings/operations/_error_tracking.html.haml
+++ b/app/views/projects/settings/operations/_error_tracking.html.haml
@@ -6,7 +6,7 @@
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _('Error tracking')
- %button.gl-button.btn.btn-default.js-settings-toggle{ type: 'button' }
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= _('Expand')
%p
= _('Link Sentry to GitLab to discover and view the errors your application generates.')
diff --git a/app/views/projects/settings/operations/_tracing.html.haml b/app/views/projects/settings/operations/_tracing.html.haml
index 343fd22c051..3c8ebe3fb20 100644
--- a/app/views/projects/settings/operations/_tracing.html.haml
+++ b/app/views/projects/settings/operations/_tracing.html.haml
@@ -4,7 +4,7 @@
.settings-header{ :class => 'border-top' }
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only
= _('Tracing')
- %button.btn.btn-default.gl-button.js-settings-toggle{ type: 'button' }
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
= _('Expand')
%p
= _('Embed an image of your existing Jaeger server in GitLab.')
diff --git a/app/views/shared/deploy_keys/_index.html.haml b/app/views/shared/deploy_keys/_index.html.haml
index 388fe75e833..1cd2a590653 100644
--- a/app/views/shared/deploy_keys/_index.html.haml
+++ b/app/views/shared/deploy_keys/_index.html.haml
@@ -2,8 +2,8 @@
%section.rspec-deploy-keys-settings.settings.no-animate#js-deploy-keys-settings{ class: ('expanded' if expanded), data: { qa_selector: 'deploy_keys_settings_content' } }
.settings-header
%h4.settings-title.js-settings-toggle.js-settings-toggle-trigger-only= _('Deploy keys')
- %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
- = expanded ? 'Collapse' : 'Expand'
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'js-settings-toggle' }) do
+ = expanded ? _('Collapse') : _('Expand')
%p
- link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: help_page_path('user/project/deploy_keys/index') }
= _("Add deploy keys to grant read/write access to this repository. %{link_start}What are deploy keys?%{link_end}").html_safe % { link_start: link_start, link_end: '</a>'.html_safe }
diff --git a/app/views/shared/notes/_edit_form.html.haml b/app/views/shared/notes/_edit_form.html.haml
index b41ed8f63e4..cbf0b6f1051 100644
--- a/app/views/shared/notes/_edit_form.html.haml
+++ b/app/views/shared/notes/_edit_form.html.haml
@@ -10,5 +10,5 @@
.settings-message.note-edit-warning.js-finish-edit-warning
= _("Finish editing this message first!")
= submit_tag _('Save comment'), class: 'gl-button btn btn-confirm js-comment-save-button', data: { qa_selector: 'save_comment_button' }
- %button.btn.gl-button.btn-cancel.note-edit-cancel{ type: 'button' }
+ = render Pajamas::ButtonComponent.new(button_options: { class: 'note-edit-cancel' }) do
= _("Cancel")
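Review bot: The replacement for the cancel button drops both the explicit `type: 'button'` and the `btn-cancel` class that the removed `%button` line carried. This button sits next to `submit_tag` in the edit form, so if `Pajamas::ButtonComponent` does not default to `type="button"`, clicking Cancel would submit the comment. Please confirm that default, or pass the type explicitly in the component call. Also check that no stylesheet or script still selects `.btn-cancel` on this element. The same reliance on the component's default type applies to the other `js-settings-toggle` replacements in this commit, though those are less sensitive.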
diff --git a/config/feature_flags/development/container_registry_project_statistics.yml b/config/feature_flags/development/container_registry_project_statistics.yml
deleted file mode 100644
index e17fb8406b3..00000000000
--- a/config/feature_flags/development/container_registry_project_statistics.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-name: container_registry_project_statistics
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84923
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/359852
-milestone: '15.0'
-type: development
-group: group::utilization
-default_enabled: false
diff --git a/data/deprecations/15-1-pipelinesecurityreportfinding-name.yml b/data/deprecations/15-1-pipelinesecurityreportfinding-name.yml
new file mode 100644
index 00000000000..bc2df85c1c5
--- /dev/null
+++ b/data/deprecations/15-1-pipelinesecurityreportfinding-name.yml
@@ -0,0 +1,16 @@
+- name: "PipelineSecurityReportFinding name GraphQL field" # (required) The name of the feature to be deprecated
+ announcement_milestone: "15.1" # (required) The milestone when this feature was first announced as deprecated.
+ announcement_date: "2022-06-22" # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+ removal_milestone: "16.0" # (required) The milestone when this feature is planned to be removed
+ removal_date: "2023-05-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+ breaking_change: true # (required) If this deprecation is a breaking change, set this value to true
+ reporter: matt_wilson # (required) GitLab username of the person reporting the deprecation
+ stage: Secure # (required) String value of the stage that the feature was created in. e.g., Growth
+ issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/346335 # (required) Link to the deprecation issue in GitLab
+ body: | # (required) Do not modify this line, instead modify the lines below.
+ Previously, the [PipelineSecurityReportFinding GraphQL type was updated](https://gitlab.com/gitlab-org/gitlab/-/issues/335372) to include a new `title` field. This field is an alias for the current `name` field, making the less specific `name` field redundant. The `name` field will be removed from the PipelineSecurityReportFinding type in GitLab 16.0.
+# The following items are not published on the docs page, but may be used in the future.
+ tiers: Ultimate # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
+ documentation_url: # (optional) This is a link to the current documentation page
+ image_url: # (optional) This is a link to a thumbnail image depicting the feature
+ video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/deprecations/15-1-pipelinesecurityreportfinding-projectfingerprint.yml b/data/deprecations/15-1-pipelinesecurityreportfinding-projectfingerprint.yml
new file mode 100644
index 00000000000..511f691f6bb
--- /dev/null
+++ b/data/deprecations/15-1-pipelinesecurityreportfinding-projectfingerprint.yml
@@ -0,0 +1,16 @@
+- name: "PipelineSecurityReportFinding projectFingerprint GraphQL field" # (required) The name of the feature to be deprecated
+ announcement_milestone: "15.1" # (required) The milestone when this feature was first announced as deprecated.
+ announcement_date: "2022-06-22" # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+ removal_milestone: "16.0" # (required) The milestone when this feature is planned to be removed
+ removal_date: "2023-05-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+ breaking_change: true # (required) If this deprecation is a breaking change, set this value to true
+ reporter: matt_wilson # (required) GitLab username of the person reporting the deprecation
+ stage: Secure # (required) String value of the stage that the feature was created in. e.g., Growth
+ issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/343475 # (required) Link to the deprecation issue in GitLab
+ body: | # (required) Do not modify this line, instead modify the lines below.
+ The [`project_fingerprint`](https://gitlab.com/groups/gitlab-org/-/epics/2791) attribute of vulnerability findings is being deprecated in favor of a `uuid` attribute. By using UUIDv5 values to identify findings, we can easily associate any related entity with a finding. The `project_fingerprint` attribute is no longer being used to track findings, and will be removed in GitLab 16.0.
+# The following items are not published on the docs page, but may be used in the future.
+ tiers: Ultimate # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
+ documentation_url: # (optional) This is a link to the current documentation page
+ image_url: # (optional) This is a link to a thumbnail image depicting the feature
+ video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/deprecations/15-1-project-pipeline-securityReportFindings.yml b/data/deprecations/15-1-project-pipeline-securityReportFindings.yml
new file mode 100644
index 00000000000..3d93c94770b
--- /dev/null
+++ b/data/deprecations/15-1-project-pipeline-securityReportFindings.yml
@@ -0,0 +1,16 @@
+- name: "project.pipeline.securityReportFindings GraphQL query" # (required) The name of the feature to be deprecated
+ announcement_milestone: "15.1" # (required) The milestone when this feature was first announced as deprecated.
+ announcement_date: "2022-06-22" # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+ removal_milestone: "16.0" # (required) The milestone when this feature is planned to be removed
+ removal_date: "2023-05-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+ breaking_change: true # (required) If this deprecation is a breaking change, set this value to true
+ reporter: matt_wilson # (required) GitLab username of the person reporting the deprecation
+ stage: Secure # (required) String value of the stage that the feature was created in. e.g., Growth
+ issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/343475 # (required) Link to the deprecation issue in GitLab
+ body: | # (required) Do not modify this line, instead modify the lines below.
+ Previous work helped [align the vulnerabilities calls for pipeline security tabs](https://gitlab.com/gitlab-org/gitlab/-/issues/343469) to match the vulnerabilities calls for project-level and group-level vulnerability reports. This helped the frontend have a more consistent interface. The old `project.pipeline.securityReportFindings` query was formatted differently than other vulnerability data calls. Now that it has been replaced with the new `project.pipeline.vulnerabilities` field, the old `project.pipeline.securityReportFindings` is being deprecated and will be removed in GitLab 16.0.
+# The following items are not published on the docs page, but may be used in the future.
+ tiers: Ultimate # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
+ documentation_url: # (optional) This is a link to the current documentation page
+ image_url: # (optional) This is a link to a thumbnail image depicting the feature
+ video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/db/migrate/20220605170009_add_url_vars_to_web_hook.rb b/db/migrate/20220605170009_add_url_vars_to_web_hook.rb
new file mode 100644
index 00000000000..207b0fc10c2
--- /dev/null
+++ b/db/migrate/20220605170009_add_url_vars_to_web_hook.rb
@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class AddUrlVarsToWebHook < Gitlab::Database::Migration[2.0]
+ def change
+ add_column :web_hooks, :encrypted_url_variables, :binary
+ add_column :web_hooks, :encrypted_url_variables_iv, :binary
+ end
+end
diff --git a/db/schema_migrations/20220605170009 b/db/schema_migrations/20220605170009
new file mode 100644
index 00000000000..d32297ec7d1
--- /dev/null
+++ b/db/schema_migrations/20220605170009
@@ -0,0 +1 @@
+b3661dbf8254ed37356a1164718c372cf5828fe7aa0218fd02feb1c00370e86f \ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index a9c9750835a..0b12de3c270 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -22260,7 +22260,9 @@ CREATE TABLE web_hooks (
subgroup_events boolean DEFAULT false NOT NULL,
recent_failures smallint DEFAULT 0 NOT NULL,
backoff_count smallint DEFAULT 0 NOT NULL,
- disabled_until timestamp with time zone
+ disabled_until timestamp with time zone,
+ encrypted_url_variables bytea,
+ encrypted_url_variables_iv bytea
);
CREATE SEQUENCE web_hooks_id_seq
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index 4ef801feb7a..d726f96f646 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -64,6 +64,34 @@ Any Jira Server and Jira Data Center users will need to confirm they are not usi
<div class="deprecation removal-160 breaking-change">
+### PipelineSecurityReportFinding name GraphQL field
+
+Planned removal: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)
+
+WARNING:
+This is a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
+Review the details carefully before upgrading.
+
+Previously, the [PipelineSecurityReportFinding GraphQL type was updated](https://gitlab.com/gitlab-org/gitlab/-/issues/335372) to include a new `title` field. This field is an alias for the current `name` field, making the less specific `name` field redundant. The `name` field will be removed from the PipelineSecurityReportFinding type in GitLab 16.0.
+
+</div>
+
+<div class="deprecation removal-160 breaking-change">
+
+### PipelineSecurityReportFinding projectFingerprint GraphQL field
+
+Planned removal: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)
+
+WARNING:
+This is a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
+Review the details carefully before upgrading.
+
+The [`project_fingerprint`](https://gitlab.com/groups/gitlab-org/-/epics/2791) attribute of vulnerability findings is being deprecated in favor of a `uuid` attribute. By using UUIDv5 values to identify findings, we can easily associate any related entity with a finding. The `project_fingerprint` attribute is no longer being used to track findings, and will be removed in GitLab 16.0.
+
+</div>
+
+<div class="deprecation removal-160 breaking-change">
+
### REST API Runner maintainer_note
Planned removal: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)
@@ -89,6 +117,20 @@ by this value remains performant. Due to very low usage of the `Tool` column for
GitLab 15.3 to simplify the codebase and prevent any unwanted performance degradation.
</div>
+
+<div class="deprecation removal-160 breaking-change">
+
+### project.pipeline.securityReportFindings GraphQL query
+
+Planned removal: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)
+
+WARNING:
+This is a [breaking change](https://docs.gitlab.com/ee/development/contributing/#breaking-changes).
+Review the details carefully before upgrading.
+
+Previous work helped [align the vulnerabilities calls for pipeline security tabs](https://gitlab.com/gitlab-org/gitlab/-/issues/343469) to match the vulnerabilities calls for project-level and group-level vulnerability reports. This helped the frontend have a more consistent interface. The old `project.pipeline.securityReportFindings` query was formatted differently than other vulnerability data calls. Now that it has been replaced with the new `project.pipeline.vulnerabilities` field, the old `project.pipeline.securityReportFindings` is being deprecated and will be removed in GitLab 16.0.
+
+</div>
</div>
<div class="announcement-milestone">
diff --git a/spec/models/concerns/sensitive_serializable_hash_spec.rb b/spec/models/concerns/sensitive_serializable_hash_spec.rb
index c864ecb4eec..646691dd091 100644
--- a/spec/models/concerns/sensitive_serializable_hash_spec.rb
+++ b/spec/models/concerns/sensitive_serializable_hash_spec.rb
@@ -56,6 +56,9 @@ RSpec.describe SensitiveSerializableHash do
attributes.each do |attribute|
expect(model.attributes).to include(attribute) # double-check the attribute does exist
+ # Do not expect binary columns to appear in JSON
+ next if klass.columns_hash[attribute]&.type == :binary
+
expect(model.serializable_hash(unsafe_serialization_hash: true)).to include(attribute)
expect(model.to_json(unsafe_serialization_hash: true)).to include(attribute)
expect(model.as_json(unsafe_serialization_hash: true)).to include(attribute)
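Review bot: The `next if klass.columns_hash[attribute]&.type == :binary` guard leaves binary columns with no assertion at all on the `unsafe_serialization_hash: true` path. The shared example would therefore keep passing if a binary ciphertext column started to appear in that output. If the intent is what the added comment says, turn the guard into a branch that asserts it before skipping, using `expect(model.to_json(unsafe_serialization_hash: true)).not_to include(attribute)`. The enclosing `attributes.each` block and the shared example start outside this hunk, so the assertions made before this point are not visible here.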
@@ -65,8 +68,12 @@ RSpec.describe SensitiveSerializableHash do
end
end
- it_behaves_like 'attr_encrypted attribute', WebHook, 'token' do
+ context 'for a web hook' do
let_it_be(:model) { create(:system_hook) }
+
+ it_behaves_like 'attr_encrypted attribute', WebHook, 'token'
+ it_behaves_like 'attr_encrypted attribute', WebHook, 'url'
+ it_behaves_like 'attr_encrypted attribute', WebHook, 'url_variables'
end
it_behaves_like 'attr_encrypted attribute', Ci::InstanceVariable, 'value' do
diff --git a/spec/models/container_registry/event_spec.rb b/spec/models/container_registry/event_spec.rb
index 13028c0e1da..e0194a07f46 100644
--- a/spec/models/container_registry/event_spec.rb
+++ b/spec/models/container_registry/event_spec.rb
@@ -60,14 +60,6 @@ RSpec.describe ContainerRegistry::Event do
end
end
- context 'with :container_registry_project_statistics feature flag disabled' do
- before do
- stub_feature_flags(container_registry_project_statistics: false)
- end
-
- it_behaves_like 'event without project statistics update'
- end
-
context 'with no target tag' do
let(:target) { super().without('tag') }
diff --git a/spec/models/hooks/web_hook_spec.rb b/spec/models/hooks/web_hook_spec.rb
index 8a56209fc65..ab40f962af3 100644
--- a/spec/models/hooks/web_hook_spec.rb
+++ b/spec/models/hooks/web_hook_spec.rb
@@ -24,6 +24,29 @@ RSpec.describe WebHook do
describe 'validations' do
it { is_expected.to validate_presence_of(:url) }
+ describe 'url_variables' do
+ it { is_expected.to allow_value({}).for(:url_variables) }
+ it { is_expected.to allow_value({ 'foo' => 'bar' }).for(:url_variables) }
+ it { is_expected.to allow_value({ 'FOO' => 'bar' }).for(:url_variables) }
+ it { is_expected.to allow_value({ 'MY_TOKEN' => 'bar' }).for(:url_variables) }
+ it { is_expected.to allow_value({ 'foo2' => 'bar' }).for(:url_variables) }
+ it { is_expected.to allow_value({ 'x' => 'y' }).for(:url_variables) }
+ it { is_expected.to allow_value({ 'x' => ('a' * 100) }).for(:url_variables) }
+ it { is_expected.to allow_value({ 'foo' => 'bar', 'bar' => 'baz' }).for(:url_variables) }
+ it { is_expected.to allow_value((1..20).to_h { ["k#{_1}", 'value'] }).for(:url_variables) }
+
+ it { is_expected.not_to allow_value([]).for(:url_variables) }
+ it { is_expected.not_to allow_value({ 'foo' => 1 }).for(:url_variables) }
+ it { is_expected.not_to allow_value({ 'bar' => :baz }).for(:url_variables) }
+ it { is_expected.not_to allow_value({ 'bar' => nil }).for(:url_variables) }
+ it { is_expected.not_to allow_value({ 'foo' => '' }).for(:url_variables) }
+ it { is_expected.not_to allow_value({ 'foo' => ('a' * 101) }).for(:url_variables) }
+ it { is_expected.not_to allow_value({ 'has spaces' => 'foo' }).for(:url_variables) }
+ it { is_expected.not_to allow_value({ '' => 'foo' }).for(:url_variables) }
+ it { is_expected.not_to allow_value({ '1foo' => 'foo' }).for(:url_variables) }
+ it { is_expected.not_to allow_value((1..21).to_h { ["k#{_1}", 'value'] }).for(:url_variables) }
+ end
+
describe 'url' do
it { is_expected.to allow_value('http://example.com').for(:url) }
it { is_expected.to allow_value('https://example.com').for(:url) }
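Review bot: The rejected-key cases in the `url_variables` block cover an empty key, a space and a leading digit, but none pins how punctuation in a key or an over-long key is treated. If these keys end up as placeholders in the hook URL (not visible in this hunk), the accepted key character set is the security-relevant part of the schema and deserves an explicit example. I would add a case such as `it { is_expected.not_to allow_value({ 'foo-bar' => 'baz' }).for(:url_variables) }`, flipping the expectation if `web_hooks_url_variables.json` is meant to allow it. The enclosing `describe 'validations'` block continues outside the hunk.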
@@ -87,7 +110,7 @@ RSpec.describe WebHook do
describe 'encrypted attributes' do
subject { described_class.encrypted_attributes.keys }
- it { is_expected.to contain_exactly(:token, :url) }
+ it { is_expected.to contain_exactly(:token, :url, :url_variables) }
end
describe 'execute' do
@@ -519,4 +542,22 @@ RSpec.describe WebHook do
it { is_expected.to eq :temporarily_disabled }
end
end
+
+ describe '#to_json' do
+ it 'does not error' do
+ expect { hook.to_json }.not_to raise_error
+ end
+
+ it 'does not error, when serializing unsafe attributes' do
+ expect { hook.to_json(unsafe_serialization_hash: true) }.not_to raise_error
+ end
+
+ it 'does not contain binary attributes' do
+ expect(hook.to_json).not_to include('encrypted_url_variables')
+ end
+
+ it 'does not contain binary attributes, even when serializing unsafe attributes' do
+ expect(hook.to_json(unsafe_serialization_hash: true)).not_to include('encrypted_url_variables')
+ end
+ end
end
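Review bot: The `#to_json` examples only check that the column name `encrypted_url_variables` is absent, so they would not catch a plaintext value leaking into the serialized output. `hook` is defined outside this hunk and may have no URL variables set at all. Setting a known value first and asserting on it pins the property that matters: `hook.url_variables = { 'token' => 'constructed-secret' }` followed by `expect(hook.to_json).not_to include('constructed-secret')`. Repeating that check with `unsafe_serialization_hash: true` would document whether that mode is expected to expose the decrypted value.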
diff --git a/spec/models/project_statistics_spec.rb b/spec/models/project_statistics_spec.rb
index 83f8b7dd532..53175a2f840 100644
--- a/spec/models/project_statistics_spec.rb
+++ b/spec/models/project_statistics_spec.rb
@@ -358,20 +358,6 @@ RSpec.describe ProjectStatistics do
expect(statistics.container_registry_size).to eq(0)
end
-
- context 'with container_registry_project_statistics FF disabled' do
- before do
- stub_feature_flags(container_registry_project_statistics: false)
- end
-
- it 'does not update the container_registry_size' do
- expect(project).not_to receive(:container_repositories_size)
-
- update_container_registry_size
-
- expect(statistics.container_registry_size).to eq(0)
- end
- end
end
describe '#update_storage_size' do
diff --git a/spec/requests/projects/usage_quotas_spec.rb b/spec/requests/projects/usage_quotas_spec.rb
index 3de871823c4..6e449a21804 100644
--- a/spec/requests/projects/usage_quotas_spec.rb
+++ b/spec/requests/projects/usage_quotas_spec.rb
@@ -35,26 +35,5 @@ RSpec.describe 'Project Usage Quotas' do
it_behaves_like 'response with 404 status'
end
-
- context 'container_registry_project_statistics feature flag' do
- subject(:body) { response.body }
-
- before do
- stub_feature_flags(container_registry_project_statistics: container_registry_project_statistics_enabled)
- get project_usage_quotas_path(project)
- end
-
- context 'when disabled' do
- let(:container_registry_project_statistics_enabled) { false }
-
- it { is_expected.to have_pushed_frontend_feature_flags(containerRegistryProjectStatistics: false)}
- end
-
- context 'when enabled' do
- let(:container_registry_project_statistics_enabled) { true }
-
- it { is_expected.to have_pushed_frontend_feature_flags(containerRegistryProjectStatistics: true)}
- end
- end
end
end