diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-16 06:07:12 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-16 06:07:12 +0000 |
| commit | b78b8c1103e1e9542891a1c333c8abcd4d7e10ab (patch) | |
| tree | e6fd1cb9a6fbd4fcb6d9befb61a1773e5c8542c5 | |
| parent | fe0260eaa337339a131624a8b71d7a05a3664a18 (diff) | |
| download | gitlab-ce-b78b8c1103e1e9542891a1c333c8abcd4d7e10ab.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
23 files changed, 172 insertions, 149 deletions
diff --git a/app/assets/javascripts/graphql_shared/fragments/alert_detail_item.fragment.graphql b/app/assets/javascripts/graphql_shared/fragments/alert_detail_item.fragment.graphql index 794fe0a6151..a15889613f5 100644 --- a/app/assets/javascripts/graphql_shared/fragments/alert_detail_item.fragment.graphql +++ b/app/assets/javascripts/graphql_shared/fragments/alert_detail_item.fragment.graphql @@ -5,7 +5,6 @@ fragment AlertDetailItem on AlertManagementAlert { ...AlertListItem createdAt monitoringTool - metricsDashboardUrl service description updatedAt diff --git a/app/graphql/types/alert_management/alert_type.rb b/app/graphql/types/alert_management/alert_type.rb index a13453f9194..5784c7a4872 100644 --- a/app/graphql/types/alert_management/alert_type.rb +++ b/app/graphql/types/alert_management/alert_type.rb @@ -114,7 +114,9 @@ module Types field :metrics_dashboard_url, GraphQL::Types::String, null: true, - description: 'URL for metrics embed for the alert.' + description: 'URL for metrics embed for the alert.', + deprecated: { reason: 'Returns no data. Underlying feature was removed in 16.0', + milestone: '16.0' } field :runbook, GraphQL::Types::String, @@ -145,6 +147,12 @@ module Types def notes object.ordered_notes end + + def metrics_dashboard_url + return if Feature.enabled?(:remove_monitor_metrics) + + object.metrics_dashboard_url + end end end end diff --git a/app/graphql/types/group_type.rb b/app/graphql/types/group_type.rb index d352d82a52e..da2c06d04b7 100644 --- a/app/graphql/types/group_type.rb +++ b/app/graphql/types/group_type.rb @@ -167,6 +167,11 @@ module Types null: false, description: 'Total size of the dependency proxy cached images.' + field :dependency_proxy_total_size_in_bytes, + GraphQL::Types::Int, + null: false, + description: 'Total size of the dependency proxy cached images in bytes.' + field :dependency_proxy_image_prefix, GraphQL::Types::String, null: false, @@ -279,10 +284,14 @@ module Types def dependency_proxy_total_size ActiveSupport::NumberHelper.number_to_human_size( - group.dependency_proxy_manifests.sum(:size) + group.dependency_proxy_blobs.sum(:size) + dependency_proxy_total_size_in_bytes ) end + def dependency_proxy_total_size_in_bytes + group.dependency_proxy_manifests.sum(:size) + group.dependency_proxy_blobs.sum(:size) + end + def dependency_proxy_setting group.dependency_proxy_setting || group.create_dependency_proxy_setting end diff --git a/config/routes/project.rb b/config/routes/project.rb index f296143dca8..995c9879aa3 100644 --- a/config/routes/project.rb +++ b/config/routes/project.rb @@ -632,23 +632,8 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do constraints: { id: /\d+/ } # rubocop: enable Cop/PutProjectRoutesUnderScope end - - # All new routes should go under /-/ scope. - # Look for scope '-' at the top of the file. - - # Legacy routes. - # Introduced in 12.0. - # Should be removed with https://gitlab.com/gitlab-org/gitlab/issues/28848. - Gitlab::Routing.redirect_legacy_paths( - self, :mirror, :tags, :hooks, - :commits, :commit, :find_file, :files, :compare, - :cycle_analytics, :mattermost, :variables, :triggers, - :environments, :protected_environments, :error_tracking, :alert_management, - :serverless, :clusters, :audit_events, :wikis, :merge_requests, - :vulnerability_feedback, :security, :dependencies, :issues, - :pipelines, :pipeline_schedules, :runners, :snippets - ) end + # rubocop: disable Cop/PutProjectRoutesUnderScope resources( :projects, diff --git a/config/routes/repository_deprecated.rb b/config/routes/repository_deprecated.rb index 32682000941..00206592fc8 100644 --- a/config/routes/repository_deprecated.rb +++ b/config/routes/repository_deprecated.rb @@ -10,21 +10,6 @@ resource :repository, only: [:create] # Don't use format parameter as file extension (old 3.0.x behavior) # See http://guides.rubyonrails.org/routing.html#route-globbing-and-wildcard-segments scope format: false do - get '/refs/switch', - to: redirect('%{namespace_id}/%{project_id}/-/refs/switch') - - get '/refs/:id/logs_tree', - to: redirect('%{namespace_id}/%{project_id}/-/refs/%{id}/logs_tree'), - constraints: { id: Gitlab::PathRegex.git_reference_regex } - - get '/refs/:id/logs_tree/*path', - constraints: { id: /.*/, path: /[^\0]*/ }, - to: redirect { |params, _request| - path = params[:path] - path.gsub!('@', '-/') - Addressable::URI.escape("#{params[:namespace_id]}/#{params[:project_id]}/-/refs/#{params[:id]}/logs_tree/#{path}") - } - scope constraints: { id: /[^\0]+/ } do # Deprecated. Keep for compatibility. # Issue https://gitlab.com/gitlab-org/gitlab/-/issues/118849 @@ -32,9 +17,5 @@ scope format: false do get '/blob/*id', to: 'blob#show', as: :deprecated_blob get '/raw/*id', to: 'raw#show', as: :deprecated_raw get '/blame/*id', to: 'blame#show', as: :deprecated_blame - - # Redirect those explicitly since `redirect_legacy_paths` conflicts with project new/edit actions - get '/new/*id', to: redirect('%{namespace_id}/%{project_id}/-/new/%{id}') - get '/edit/*id', to: redirect('%{namespace_id}/%{project_id}/-/edit/%{id}') end end diff --git a/data/deprecations/16-0-mobsf-android-manifests.yml b/data/deprecations/16-0-mobsf-android-manifests.yml index c3bca0a6db1..fb06112d26e 100644 --- a/data/deprecations/16-0-mobsf-android-manifests.yml +++ b/data/deprecations/16-0-mobsf-android-manifests.yml @@ -6,17 +6,7 @@ stage: Secure issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/408396 body: | - We'll change how the MobSF-based analyzer in GitLab SAST handles multi-module Android projects. - This analyzer only runs if you [enable Experimental features](https://docs.gitlab.com/ee/user/application_security/sast/#experimental-features) for SAST. + **Update:** We previously announced a change to how the MobSF-based GitLab SAST analyzer would scan multi-module Android projects. + We've cancelled that change, and no action is required. - The analyzer currently searches for `AndroidManifest.xml` files and scans only the first one it finds. - This manifest often is not the main manifest for the app, so the scan checks less of the app's source code for vulnerabilities. - - Starting in GitLab 16.0, the analyzer will always use `app/src/main/AndroidManifest.xml` as the manifest, and use `app/src/main/` as the project root directory. - The new behavior matches standard Android project layouts and addresses bug reports from customers, so we expect it will improve scan coverage for most apps. - - If you relied on the previous behavior, you can [pin the MobSF analyzer](https://docs.gitlab.com/ee/user/application_security/sast/#pinning-to-minor-image-version) to version 4.0.0, which uses the old behavior. - Then, please comment on [the deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/408396) so we can consider new configuration options to accommodate your use case. - - This change doesn't affect scans you run in GitLab 15.11 or previous versions, since this change is only included in the [new major version](#secure-analyzers-major-version-update) of the MobSF-based analyzer. - documentation_url: https://docs.gitlab.com/ee/user/application_security/sast/ + Instead of changing which single module would be scanned, we [improved multi-module support](https://gitlab.com/gitlab-org/security-products/analyzers/mobsf/-/merge_requests/73). diff --git a/data/removals/16_0/16-0-sast-analyzer-consolidation.yml b/data/removals/16_0/16-0-sast-analyzer-consolidation.yml new file mode 100644 index 00000000000..6235e9619ae --- /dev/null +++ b/data/removals/16_0/16-0-sast-analyzer-consolidation.yml @@ -0,0 +1,21 @@ +- title: "The Security Code Scan-based GitLab SAST analyzer is now removed" # (required) Clearly explain the change. For example, "The `confidential` field for a `Note` is removed" or "CI/CD job names are limited to 250 characters." + announcement_milestone: "15.9" # (required) The milestone when this feature was first announced as deprecated. + removal_milestone: "16.0" # (required) The milestone when this feature is being removed. + breaking_change: true # (required) Change to false if this is not a breaking change. + reporter: connorgilbert # (required) GitLab username of the person reporting the change + stage: secure # (required) String value of the stage that the feature was created in. e.g., Growth + issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/390416 # (required) Link to the deprecation issue in GitLab + body: | # (required) Do not modify this line, instead modify the lines below. + GitLab SAST uses various [analyzers](https://docs.gitlab.com/ee/user/application_security/sast/analyzers/) to scan code for vulnerabilities. + We've reduced the number of supported analyzers used by default in GitLab SAST. + This is part of our long-term strategy to deliver a faster, more consistent user experience across different programming languages. + + As of GitLab 16.0, the [SAST CI/CD template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml) no longer uses the [Security Code Scan](https://gitlab.com/gitlab-org/security-products/analyzers/security-code-scan)-based analyzer for .NET. + We've removed this analyzer from the SAST CI/CD template and replaced it with GitLab-supported detection rules for C# in the [Semgrep-based analyzer](https://gitlab.com/gitlab-org/security-products/analyzers/semgrep). + + Because this analyzer has reached End of Support in GitLab 16.0, we won't provide further updates to it. + However, we won't delete any container images we previously published for this analyzer or remove the ability to run it by using a [custom CI/CD pipeline job](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportssast). + + If you've already dismissed a vulnerability finding from the deprecated analyzer, the replacement attempts to respect your previous dismissal. See [Vulnerability translation documentation](https://docs.gitlab.com/ee/user/application_security/sast/analyzers.html#vulnerability-translation) for further details. + + If you customize the behavior of GitLab SAST by disabling the Semgrep-based analyzer or depending on specific SAST jobs in your pipelines, you must take action as detailed in the [deprecation issue for this change](https://gitlab.com/gitlab-org/gitlab/-/issues/390416#actions-required). diff --git a/doc/administration/package_information/defaults.md b/doc/administration/package_information/defaults.md index 68958102d4e..96b56388ea9 100644 --- a/doc/administration/package_information/defaults.md +++ b/doc/administration/package_information/defaults.md @@ -30,7 +30,7 @@ by default: | PgBouncer exporter | No | Port | X | 9188 | | GitLab Exporter | Yes | Port | X | 9168 | | Sidekiq exporter | Yes | Port | X | 8082 | -| Sidekiq health check | Yes | Port | X | 8092[^Sidekiq-health] | +| Sidekiq health check | Yes | Port | X | 8092[^Sidekiq-health] | | Web exporter | No | Port | X | 8083 | | Geo PostgreSQL | No | Socket | Port (5431) | X | | Redis Sentinel | No | Port | X | 26379 | @@ -49,9 +49,10 @@ by default: | PgBouncer | No | Port | X | 6432 | | Consul | No | Port | X | 8300, 8301(UDP), 8500, 8600[^Consul-notes] | | Patroni | No | Port | X | 8008 | -| GitLab KAS | Yes | Port | X | 8150 | -| Gitaly | No | Port | X | 8075 or 9999 (TLS) | -| Praefect | No | Port | X | 2305 or 3305 (TLS) | +| GitLab KAS | Yes | Port | X | 8150 | +| Gitaly | Yes | Socket | Port (8075) | 8075 or 9999 (TLS) | +| Gitaly exporter | Yes | Port | X | 9236 | +| Praefect | No | Port | X | 2305 or 3305 (TLS) | Legend: diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index 8d94b45c1f9..c52d14f59fe 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -11547,7 +11547,7 @@ Describes an alert from the project's Alert Management. | <a id="alertmanagementalertiid"></a>`iid` | [`ID!`](#id) | Internal ID of the alert. | | <a id="alertmanagementalertissue"></a>`issue` | [`Issue`](#issue) | Issue attached to the alert. | | <a id="alertmanagementalertissueiid"></a>`issueIid` **{warning-solid}** | [`ID`](#id) | **Deprecated** in 13.10. Use issue field. | -| <a id="alertmanagementalertmetricsdashboardurl"></a>`metricsDashboardUrl` | [`String`](#string) | URL for metrics embed for the alert. | +| <a id="alertmanagementalertmetricsdashboardurl"></a>`metricsDashboardUrl` **{warning-solid}** | [`String`](#string) | **Deprecated** in 16.0. Returns no data. Underlying feature was removed in 16.0. | | <a id="alertmanagementalertmonitoringtool"></a>`monitoringTool` | [`String`](#string) | Monitoring tool the alert came from. | | <a id="alertmanagementalertnotes"></a>`notes` | [`NoteConnection!`](#noteconnection) | All notes on this noteable. (see [Connections](#connections)) | | <a id="alertmanagementalertprometheusalert"></a>`prometheusAlert` | [`PrometheusAlert`](#prometheusalert) | Alert condition for Prometheus. | @@ -15027,6 +15027,7 @@ GPG signature for a signed commit. | <a id="groupdependencyproxymanifests"></a>`dependencyProxyManifests` | [`DependencyProxyManifestConnection`](#dependencyproxymanifestconnection) | Dependency Proxy manifests. (see [Connections](#connections)) | | <a id="groupdependencyproxysetting"></a>`dependencyProxySetting` | [`DependencyProxySetting`](#dependencyproxysetting) | Dependency Proxy settings for the group. | | <a id="groupdependencyproxytotalsize"></a>`dependencyProxyTotalSize` | [`String!`](#string) | Total size of the dependency proxy cached images. | +| <a id="groupdependencyproxytotalsizeinbytes"></a>`dependencyProxyTotalSizeInBytes` | [`Int!`](#int) | Total size of the dependency proxy cached images in bytes. | | <a id="groupdescription"></a>`description` | [`String`](#string) | Description of the namespace. | | <a id="groupdescriptionhtml"></a>`descriptionHtml` | [`String`](#string) | GitLab Flavored Markdown rendering of `description`. | | <a id="groupdora"></a>`dora` | [`Dora`](#dora) | Group's DORA metrics. | diff --git a/doc/api/integrations.md b/doc/api/integrations.md index 16ca7d74510..5b6c4d17915 100644 --- a/doc/api/integrations.md +++ b/doc/api/integrations.md @@ -941,9 +941,10 @@ Parameters: | --------- | ---- | -------- | ----------- | | `url` | string | yes | The URL to the Jira project which is being linked to this GitLab project. For example, `https://jira.example.com`. | | `api_url` | string | no | The base URL to the Jira instance API. Web URL value is used if not set. For example, `https://jira-api.example.com`. | -| `username` | string | yes | The username of the user created to be used with GitLab/Jira. | -| `password` | string | yes | The password of the user created to be used with GitLab/Jira. | -| `active` | boolean | no | Activates or deactivates the integration. Defaults to false (deactivated). | +| `username` | string | no | The email or username to be used with Jira. For Jira Cloud use an email, for Jira Data Center and Jira Server use a username. Required when using Basic authentication (`jira_auth_type` is `0`) | +| `password` | string | yes | The Jira API token, password, or personal access token to be used with Jira. When your authentication method is Basic (`jira_auth_type` is `0`) use an API token for Jira Cloud, or a password for Jira Data Center or Jira Server. When your authentication method is Jira personal access token (`jira_auth_type` is `1`) use a personal access token. | +| `active` | boolean | no | Activates or deactivates the integration. Defaults to `false` (deactivated). | +| `jira_auth_type`| integer | no | The authentication method to be used with Jira. `0` means Basic Authentication. `1` means Jira personal access token. Defaults to `0`. | | `jira_issue_prefix` | string | no | Prefix to match Jira issue keys. | | `jira_issue_regex` | string | no | Regular expression to match Jira issue keys. | | `jira_issue_transition_automatic` | boolean | no | Enable [automatic issue transitions](../integration/jira/issues.md#automatic-issue-transitions). Takes precedence over `jira_issue_transition_id` if enabled. Defaults to `false` | diff --git a/doc/ci/pipelines/cicd_minutes.md b/doc/ci/pipelines/cicd_minutes.md index 492ea7b19f0..ee3f0d8c539 100644 --- a/doc/ci/pipelines/cicd_minutes.md +++ b/doc/ci/pipelines/cicd_minutes.md @@ -263,9 +263,10 @@ GitLab SaaS runners have different cost factors, depending on the runner type (L | GitLab SaaS runner type | Machine Type | CI/CD minutes cost factor | | :--------- | :------------------- | :--------- | -| Linux OS + Docker executor| Small |1| -| Linux OS + Docker executor| Medium |2| -| Linux OS + Docker executor| Large |3| +| Linux OS | Small |1| +| Linux OS | Medium |2| +| Linux OS | Large |3| +| Linux OS + GPU-enabled | Medium, GPU Standard |7| ### Monthly reset of CI/CD minutes diff --git a/doc/ci/runners/saas/linux_saas_runner.md b/doc/ci/runners/saas/linux_saas_runner.md index e9ac91409af..3a45e056643 100644 --- a/doc/ci/runners/saas/linux_saas_runner.md +++ b/doc/ci/runners/saas/linux_saas_runner.md @@ -28,6 +28,15 @@ CI/CD jobs that run on `medium` and `large` machine types consumes CI minutes at Refer to the CI/CD minutes [cost factor](../../../ci/pipelines/cicd_minutes.md#cost-factor) for the cost factor applied to the machine type based on size. +## GPU-enabled SaaS runners on Linux **(PREMIUM SAAS)** + +We offer GPU-enabled SaaS runners for heavy compute including ModelOps or HPC workloads. Available to Premium and Ultimate plan customers, jobs on these instances consume the CI/CD minutes allocated to your namespace. + +| | Standard | +|-------------------|---------------------------| +| Specs | 4 vCPU, 16 GB RAM, 1 Nvidia Tesla T4 GPU (or similar) | +| GitLab CI/CD tags | `saas-linux-medium-gpu-standard` | + ## Example of how to tag a job To use a machine type other than `small`, add a `tags:` keyword to your job. diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md index 9a852536c9b..e30782c70a3 100644 --- a/doc/update/deprecations.md +++ b/doc/update/deprecations.md @@ -989,19 +989,10 @@ When using the native HashiCorp Vault integration, CI/CD jobs will fail when no - To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/408396). </div> -We'll change how the MobSF-based analyzer in GitLab SAST handles multi-module Android projects. -This analyzer only runs if you [enable Experimental features](https://docs.gitlab.com/ee/user/application_security/sast/#experimental-features) for SAST. +**Update:** We previously announced a change to how the MobSF-based GitLab SAST analyzer would scan multi-module Android projects. +We've cancelled that change, and no action is required. -The analyzer currently searches for `AndroidManifest.xml` files and scans only the first one it finds. -This manifest often is not the main manifest for the app, so the scan checks less of the app's source code for vulnerabilities. - -Starting in GitLab 16.0, the analyzer will always use `app/src/main/AndroidManifest.xml` as the manifest, and use `app/src/main/` as the project root directory. -The new behavior matches standard Android project layouts and addresses bug reports from customers, so we expect it will improve scan coverage for most apps. - -If you relied on the previous behavior, you can [pin the MobSF analyzer](https://docs.gitlab.com/ee/user/application_security/sast/#pinning-to-minor-image-version) to version 4.0.0, which uses the old behavior. -Then, please comment on [the deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/408396) so we can consider new configuration options to accommodate your use case. - -This change doesn't affect scans you run in GitLab 15.11 or previous versions, since this change is only included in the [new major version](#secure-analyzers-major-version-update) of the MobSF-based analyzer. +Instead of changing which single module would be scanned, we [improved multi-module support](https://gitlab.com/gitlab-org/security-products/analyzers/mobsf/-/merge_requests/73). </div> diff --git a/doc/update/removals.md b/doc/update/removals.md index a2dddbfaa44..7359d74c6f5 100644 --- a/doc/update/removals.md +++ b/doc/update/removals.md @@ -552,6 +552,26 @@ GitLab 15.7 and is removed in 16.0. The Phabricator project hasn't been actively maintained since June 1, 2021. We haven't observed imports using this tool. There has been no activity on the open related issues on GitLab. +### The Security Code Scan-based GitLab SAST analyzer is now removed + +WARNING: +This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/). +Review the details carefully before upgrading. + +GitLab SAST uses various [analyzers](https://docs.gitlab.com/ee/user/application_security/sast/analyzers/) to scan code for vulnerabilities. +We've reduced the number of supported analyzers used by default in GitLab SAST. +This is part of our long-term strategy to deliver a faster, more consistent user experience across different programming languages. + +As of GitLab 16.0, the [SAST CI/CD template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml) no longer uses the [Security Code Scan](https://gitlab.com/gitlab-org/security-products/analyzers/security-code-scan)-based analyzer for .NET. +We've removed this analyzer from the SAST CI/CD template and replaced it with GitLab-supported detection rules for C# in the [Semgrep-based analyzer](https://gitlab.com/gitlab-org/security-products/analyzers/semgrep). + +Because this analyzer has reached End of Support in GitLab 16.0, we won't provide further updates to it. +However, we won't delete any container images we previously published for this analyzer or remove the ability to run it by using a [custom CI/CD pipeline job](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportssast). + +If you've already dismissed a vulnerability finding from the deprecated analyzer, the replacement attempts to respect your previous dismissal. See [Vulnerability translation documentation](https://docs.gitlab.com/ee/user/application_security/sast/analyzers.html#vulnerability-translation) for further details. + +If you customize the behavior of GitLab SAST by disabling the Semgrep-based analyzer or depending on specific SAST jobs in your pipelines, you must take action as detailed in the [deprecation issue for this change](https://gitlab.com/gitlab-org/gitlab/-/issues/390416#actions-required). + ### The stable Terraform CI/CD template has been replaced with the latest template WARNING: diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md index 521212d4c4e..64c0f3440c5 100644 --- a/doc/user/application_security/sast/index.md +++ b/doc/user/application_security/sast/index.md @@ -105,6 +105,7 @@ For more information about our plans for language support in SAST, see the [cate | React | [Semgrep](https://gitlab.com/gitlab-org/security-products/analyzers/semgrep) with [GitLab-managed rules](https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/blob/main/RULES.md) | 13.10 | | Ruby | [brakeman](https://gitlab.com/gitlab-org/security-products/analyzers/brakeman) | 13.9 | | Ruby on Rails | [brakeman](https://gitlab.com/gitlab-org/security-products/analyzers/brakeman) | 10.3 | +| Scala (any build system) | [Semgrep](https://gitlab.com/gitlab-org/security-products/analyzers/semgrep) with [GitLab-managed rules](https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/blob/main/RULES.md) | 16.0 | | Scala<sup>1</sup> | [SpotBugs](https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs) with the find-sec-bugs plugin | 11.0 (SBT) & 11.9 (Gradle, Maven) | | Swift (iOS) | [MobSF (beta)](https://gitlab.com/gitlab-org/security-products/analyzers/mobsf) | 13.5 | | TypeScript<sup>2</sup> | [ESLint security plugin](https://gitlab.com/gitlab-org/security-products/analyzers/eslint) | 11.9, [merged](https://gitlab.com/gitlab-org/gitlab/-/issues/36059) with ESLint in 13.2 | @@ -113,7 +114,7 @@ For more information about our plans for language support in SAST, see the [cate 1. The SpotBugs-based analyzer supports [Gradle](https://gradle.org/), [Maven](https://maven.apache.org/), and [SBT](https://www.scala-sbt.org/). It can also be used with variants like the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html), [Grails](https://grails.org/), -and the [Maven wrapper](https://github.com/takari/maven-wrapper). However, SpotBugs has [limitations](https://gitlab.com/gitlab-org/gitlab/-/issues/350801) when used against [Ant](https://ant.apache.org/)-based projects. We recommend using the Semgrep-based analyzer for Ant-based Java projects. +and the [Maven wrapper](https://github.com/takari/maven-wrapper). However, SpotBugs has [limitations](https://gitlab.com/gitlab-org/gitlab/-/issues/350801) when used against [Ant](https://ant.apache.org/)-based projects. We recommend using the Semgrep-based analyzer for Ant-based Java or Scala projects. 1. These analyzers reached [End of Support](https://about.gitlab.com/handbook/product/gitlab-the-product/#end-of-support) status [in GitLab 15.4](https://gitlab.com/gitlab-org/gitlab/-/issues/352554). 1. Security Code Scan reached [End of Support](https://about.gitlab.com/handbook/product/gitlab-the-product/#end-of-support) status [in GitLab 16.0](https://gitlab.com/gitlab-org/gitlab/-/issues/390416). diff --git a/doc/user/project/import/github.md b/doc/user/project/import/github.md index 1c0dfc377b4..b2b1ede12d4 100644 --- a/doc/user/project/import/github.md +++ b/doc/user/project/import/github.md @@ -124,6 +124,21 @@ If you are not using the GitHub integration, you can still perform an authorizat To use a newer personal access token in imports after previously performing these steps, sign out of your GitLab account and sign in again, or revoke the older personal access token in GitHub. +### Filter repositories list + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/385113) in GitLab 16.0. + +After you authorize access to your GitHub repositories, GitLab redirects you to the importer page and +your GitHub repositories are listed. + +Use one of the following tabs to filter the list of repositories: + +- **Owner** (default): Filter the list to the repositories that you are the owner of. +- **Collaborated**: Filter the list to the repositories that you have contributed to. +- **Organization**: Filter the list to the repositories that belong to an organization you are a member of. + +When the **Organization** tab is selected, you can further narrow down your search by selecting an available GitHub organization from a dropdown. + ### Select additional items to import > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/373705) in GitLab 15.5. @@ -149,9 +164,6 @@ You can choose to import these items, but this could significantly increase impo > - Ability to cancel pending or active imports [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/247325) in GitLab 15.7. > - Ability to re-import projects [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/23905) in GitLab 15.9. -After you have authorized access to your GitHub repositories, you are redirected to the GitHub importer page and -your GitHub repositories are listed. - By default, the proposed repository namespaces match the names as they exist in GitHub, but based on your permissions, you can choose to edit these names before you proceed to import any of them. @@ -173,6 +185,18 @@ Completed imports can be re-imported by selecting **Re-import** and specifying n  +### Check status of imports + +> Details of partially completed imports with a list of entities that failed to import [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/386748) in GitLab 16.0. + +After imports are completed, they can be in one of three states: + +- **Completed**: GitLab imported all repository entities. +- **Partially completed**: GitLab failed to import some repository entities. +- **Failed**: GitLab imported no repository entities. + +Expand **Details** to see a list of [repository entities](#imported-data) that failed to import. + ## Mirror a repository and share pipeline status **(PREMIUM)** Depending on your GitLab tier, [repository mirroring](../repository/mirror/index.md) can be set up to keep diff --git a/lib/api/helpers/integrations_helpers.rb b/lib/api/helpers/integrations_helpers.rb index 701418931f3..4c37a2a5aba 100644 --- a/lib/api/helpers/integrations_helpers.rb +++ b/lib/api/helpers/integrations_helpers.rb @@ -595,19 +595,19 @@ module API required: false, name: :jira_auth_type, type: Integer, - desc: 'The authorization type for Jira' + desc: 'The authentication method to be used with Jira. `0` means Basic Authentication. `1` means Jira personal access token. Defaults to `0`' }, { required: false, name: :username, type: String, - desc: 'The username of the user created to be used with GitLab/Jira' + desc: 'The email or username to be used with Jira. For Jira Cloud use an email, for Jira Data Center and Jira Server use a username. Required when using Basic authentication (`jira_auth_type` is `0`)' }, { required: true, name: :password, type: String, - desc: 'The password of the user created to be used with GitLab/Jira' + desc: 'The Jira API token, password, or personal access token to be used with Jira. When your authentication method is Basic (`jira_auth_type` is `0`) use an API token for Jira Cloud, or a password for Jira Data Center or Jira Server. When your authentication method is Jira personal access token (`jira_auth_type` is `1`) use a personal access token' }, { required: false, diff --git a/qa/Gemfile b/qa/Gemfile index e8d3a435766..6379f65db3d 100644 --- a/qa/Gemfile +++ b/qa/Gemfile @@ -11,7 +11,7 @@ gem 'capybara-screenshot', '~> 1.0.26' gem 'rake', '~> 13', '>= 13.0.6' gem 'rspec', '~> 3.12' # 4.9.1 drops Ruby 2.7 support. We can upgrade further after we drop Ruby 2.7 support. -gem 'selenium-webdriver', '= 4.9.0' +gem 'selenium-webdriver', '= 4.9.1' gem 'airborne', '~> 0.3.7', require: false # airborne is messing with rspec sandboxed mode so not requiring by default gem 'rest-client', '~> 2.1.0' gem 'rspec-retry', '~> 0.6.2', require: 'rspec/retry' diff --git a/qa/Gemfile.lock b/qa/Gemfile.lock index 9b2b8acfb87..b8f4880a436 100644 --- a/qa/Gemfile.lock +++ b/qa/Gemfile.lock @@ -269,7 +269,7 @@ GEM sawyer (0.9.2) addressable (>= 2.3.5) faraday (>= 0.17.3, < 3) - selenium-webdriver (4.9.0) + selenium-webdriver (4.9.1) rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2, < 3.0) websocket (~> 1.0) @@ -345,7 +345,7 @@ DEPENDENCIES rspec-retry (~> 0.6.2) rspec_junit_formatter (~> 0.6.0) ruby-debug-ide (~> 0.7.3) - selenium-webdriver (= 4.9.0) + selenium-webdriver (= 4.9.1) slack-notifier (~> 2.4) terminal-table (~> 3.0.2) warning (~> 1.3) diff --git a/spec/graphql/types/group_type_spec.rb b/spec/graphql/types/group_type_spec.rb index 6820cf2738e..0fbf50fe258 100644 --- a/spec/graphql/types/group_type_spec.rb +++ b/spec/graphql/types/group_type_spec.rb @@ -22,7 +22,7 @@ RSpec.describe GitlabSchema.types['Group'] do merge_requests container_repositories container_repositories_count packages dependency_proxy_setting dependency_proxy_manifests dependency_proxy_blobs dependency_proxy_image_count - dependency_proxy_blob_count dependency_proxy_total_size + dependency_proxy_blob_count dependency_proxy_total_size dependency_proxy_total_size_in_bytes dependency_proxy_image_prefix dependency_proxy_image_ttl_policy shared_runners_setting timelogs organization_state_counts organizations contact_state_counts contacts work_item_types diff --git a/spec/requests/api/graphql/group/dependency_proxy_blobs_spec.rb b/spec/requests/api/graphql/group/dependency_proxy_blobs_spec.rb index 2c4770a31a7..a6eb114a279 100644 --- a/spec/requests/api/graphql/group/dependency_proxy_blobs_spec.rb +++ b/spec/requests/api/graphql/group/dependency_proxy_blobs_spec.rb @@ -26,6 +26,7 @@ RSpec.describe 'getting dependency proxy blobs in a group', feature_category: :d #{query_graphql_field('dependency_proxy_blobs', {}, dependency_proxy_blob_fields)} dependencyProxyBlobCount dependencyProxyTotalSize + dependencyProxyTotalSizeInBytes GQL end @@ -42,6 +43,7 @@ RSpec.describe 'getting dependency proxy blobs in a group', feature_category: :d let(:dependency_proxy_blobs_response) { graphql_data.dig('group', 'dependencyProxyBlobs', 'edges') } let(:dependency_proxy_blob_count_response) { graphql_data.dig('group', 'dependencyProxyBlobCount') } let(:dependency_proxy_total_size_response) { graphql_data.dig('group', 'dependencyProxyTotalSize') } + let(:dependency_proxy_total_size_in_bytes_response) { graphql_data.dig('group', 'dependencyProxyTotalSizeInBytes') } before do stub_config(dependency_proxy: { enabled: true }) @@ -121,7 +123,13 @@ RSpec.describe 'getting dependency proxy blobs in a group', feature_category: :d it 'returns the total size' do subject + expected_size = ActiveSupport::NumberHelper.number_to_human_size(blobs.inject(0) { |sum, blob| sum + blob.size }) + expect(dependency_proxy_total_size_response).to eq(expected_size) + end + + it 'returns the total size in bytes' do + subject expected_size = blobs.inject(0) { |sum, blob| sum + blob.size } - expect(dependency_proxy_total_size_response).to eq(ActiveSupport::NumberHelper.number_to_human_size(expected_size)) + expect(dependency_proxy_total_size_in_bytes_response).to eq(expected_size) end end diff --git a/spec/requests/api/graphql/project/alert_management/alert/metrics_dashboard_url_spec.rb b/spec/requests/api/graphql/project/alert_management/alert/metrics_dashboard_url_spec.rb index b430fdeb18f..3417f9529bd 100644 --- a/spec/requests/api/graphql/project/alert_management/alert/metrics_dashboard_url_spec.rb +++ b/spec/requests/api/graphql/project/alert_management/alert/metrics_dashboard_url_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe 'getting Alert Management Alert Assignees', feature_category: :projects do +RSpec.describe 'getting Alert Management Alert Assignees', feature_category: :incident_management do include GraphqlHelpers let_it_be(:project) { create(:project) } @@ -29,6 +29,7 @@ RSpec.describe 'getting Alert Management Alert Assignees', feature_category: :pr let(:first_alert) { alerts.first } before do + stub_feature_flags(remove_monitor_metrics: false) project.add_developer(current_user) end @@ -44,6 +45,17 @@ RSpec.describe 'getting Alert Management Alert Assignees', feature_category: :pr expect(first_alert).to include('metricsDashboardUrl' => dashboard_url_for_alert) end + + context 'when metrics dashboard feature is unavailable' do + before do + stub_feature_flags(remove_monitor_metrics: true) + end + + it 'returns nil' do + post_graphql(graphql_query, current_user: current_user) + expect(first_alert['metricsDashboardUrl']).to be_nil + end + end end context 'with gitlab-managed prometheus payload' do @@ -58,5 +70,16 @@ RSpec.describe 'getting Alert Management Alert Assignees', feature_category: :pr expect(first_alert).to include('metricsDashboardUrl' => dashboard_url_for_alert) end + + context 'when metrics dashboard feature is unavailable' do + before do + stub_feature_flags(remove_monitor_metrics: true) + end + + it 'returns nil' do + post_graphql(graphql_query, current_user: current_user) + expect(first_alert['metricsDashboardUrl']).to be_nil + end + end end end diff --git a/spec/routing/project_routing_spec.rb b/spec/routing/project_routing_spec.rb index c2458d3485f..aebb68ec822 100644 --- a/spec/routing/project_routing_spec.rb +++ b/spec/routing/project_routing_spec.rb @@ -107,9 +107,6 @@ RSpec.describe 'project routing' do it_behaves_like 'wiki routing' do let(:base_path) { '/gitlab/gitlabhq/-/wikis' } end - - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/wikis", "/gitlab/gitlabhq/-/wikis" - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/wikis/home/edit", "/gitlab/gitlabhq/-/wikis/home/edit" end # branches_project_repository GET /:project_id/repository/branches(.:format) projects/repositories#branches @@ -164,8 +161,6 @@ RSpec.describe 'project routing' do expect(delete('/gitlab/gitlabhq/-/tags/feature%2B45/foo/bar/baz')).to route_to('projects/tags#destroy', namespace_id: 'gitlab', project_id: 'gitlabhq', id: 'feature+45/foo/bar/baz') expect(delete('/gitlab/gitlabhq/-/tags/feature@45/foo/bar/baz')).to route_to('projects/tags#destroy', namespace_id: 'gitlab', project_id: 'gitlabhq', id: 'feature@45/foo/bar/baz') end - - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/tags", "/gitlab/gitlabhq/-/tags" end # project_deploy_keys GET /:project_id/deploy_keys(.:format) deploy_keys#index @@ -217,20 +212,6 @@ RSpec.describe 'project routing' do namespace_id: 'gitlab', project_id: 'gitlabhq', id: "stable", path: "new\n\nline.txt" }) end - - it_behaves_like 'redirecting a legacy path', '/gitlab/gitlabhq/refs/switch', '/gitlab/gitlabhq/-/refs/switch' - - it_behaves_like 'redirecting a legacy path', - '/gitlab/gitlabhq/refs/feature%2345/logs_tree', - '/gitlab/gitlabhq/-/refs/feature%2345/logs_tree' - - it_behaves_like 'redirecting a legacy path', - '/gitlab/gitlabhq/refs/stable/logs_tree/new%0A%0Aline.txt', - '/gitlab/gitlabhq/-/refs/stable/logs_tree/new%0A%0Aline.txt' - - it_behaves_like 'redirecting a legacy path', - '/gitlab/gitlabhq/refs/feature%2345/logs_tree/../../../../../@example.com/tree/a', - '/gitlab/gitlabhq/-/refs/feature#45/logs_tree/../../../../../-/example.com/tree/a' end describe Projects::MergeRequestsController, 'routing' do @@ -267,9 +248,6 @@ RSpec.describe 'project routing' do let(:actions) { %i[index edit show update] } let(:base_path) { '/gitlab/gitlabhq/-/merge_requests' } end - - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/merge_requests", "/gitlab/gitlabhq/-/merge_requests" - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/merge_requests/1/diffs", "/gitlab/gitlabhq/-/merge_requests/1/diffs" end describe Projects::MergeRequests::CreationsController, 'routing' do @@ -298,8 +276,6 @@ RSpec.describe 'project routing' do it 'to #diffs' do expect(get('/gitlab/gitlabhq/-/merge_requests/new/diffs.json')).to route_to('projects/merge_requests/creations#diffs', namespace_id: 'gitlab', project_id: 'gitlabhq', format: 'json') end - - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/merge_requests/new", "/gitlab/gitlabhq/-/merge_requests/new" end describe Projects::MergeRequests::DiffsController, 'routing' do @@ -343,8 +319,6 @@ RSpec.describe 'project routing' do it 'to #raw from unscope routing' do expect(get('/gitlab/gitlabhq/snippets/1/raw')).to route_to('projects/snippets#raw', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '1') end - - it_behaves_like 'redirecting a legacy path', '/gitlab/gitlabhq/snippets/1', '/gitlab/gitlabhq/-/snippets/1' end # test_project_hook POST /:project_id/-/hooks/:id/test(.:format) hooks#test @@ -362,8 +336,6 @@ RSpec.describe 'project routing' do let(:actions) { %i[index create destroy edit update] } let(:base_path) { '/gitlab/gitlabhq/-/hooks' } end - - it_behaves_like 'redirecting a legacy path', '/gitlab/gitlabhq/hooks', '/gitlab/gitlabhq/-/hooks' end # retry_namespace_project_hook_hook_log POST /:project_id/-/hooks/:hook_id/hook_logs/:id/retry(.:format) projects/hook_logs#retry @@ -376,8 +348,6 @@ RSpec.describe 'project routing' do it 'to #show' do expect(get('/gitlab/gitlabhq/-/hooks/1/hook_logs/1')).to route_to('projects/hook_logs#show', namespace_id: 'gitlab', project_id: 'gitlabhq', hook_id: '1', id: '1') end - - it_behaves_like 'redirecting a legacy path', '/gitlab/gitlabhq/hooks/hook_logs/1', '/gitlab/gitlabhq/-/hooks/hook_logs/1' end # project_commit GET /:project_id/commit/:id(.:format) commit#show {id: /\h{7,40}/, project_id: /[^\/]+/} @@ -388,8 +358,6 @@ RSpec.describe 'project routing' do expect(get('/gitlab/gitlabhq/-/commit/4246fbd.patch')).to route_to('projects/commit#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '4246fbd', format: 'patch') expect(get('/gitlab/gitlabhq/-/commit/4246fbd13872934f72a8fd0d6fb1317b47b59cb5')).to route_to('projects/commit#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '4246fbd13872934f72a8fd0d6fb1317b47b59cb5') end - - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/commit/4246fbd", "/gitlab/gitlabhq/-/commit/4246fbd" end # patch_project_commit GET /:project_id/commits/:id/patch(.:format) commits#patch @@ -405,8 +373,6 @@ RSpec.describe 'project routing' do it 'to #show' do expect(get('/gitlab/gitlabhq/-/commits/master.atom')).to route_to('projects/commits#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: 'master.atom') end - - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/commits/master", "/gitlab/gitlabhq/-/commits/master" end # project_project_members GET /:project_id/project_members(.:format) project_members#index @@ -465,9 +431,6 @@ RSpec.describe 'project routing' do let(:actions) { %i[index create new edit show update] } let(:base_path) { '/gitlab/gitlabhq/-/issues' } end - - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/issues", "/gitlab/gitlabhq/-/issues" - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/issues/1/edit", "/gitlab/gitlabhq/-/issues/1/edit" end # project_noteable_notes GET /:project_id/noteable/:target_type/:target_id/notes notes#index @@ -582,9 +545,6 @@ RSpec.describe 'project routing' do namespace_id: 'gitlab', project_id: 'gitlabhq', id: newline_file.to_s }) end - - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/find_file", "/gitlab/gitlabhq/-/find_file" - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/files/master", "/gitlab/gitlabhq/-/files/master" end describe Projects::BlobController, 'routing' do @@ -615,9 +575,6 @@ RSpec.describe 'project routing' do namespace_id: 'gitlab', project_id: 'gitlabhq', id: "master/docs/#{newline_file}" }) end - - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/new/master", "/gitlab/gitlabhq/-/new/master" - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/edit/master/README", "/gitlab/gitlabhq/-/edit/master/README" end # project_raw GET /:project_id/-/raw/:id(.:format) raw#show {id: /[^\0]+/, project_id: /[^\/]+/} @@ -653,9 +610,6 @@ RSpec.describe 'project routing' do expect(get('/gitlab/gitlabhq/-/compare/master...stable')).to route_to('projects/compare#show', namespace_id: 'gitlab', project_id: 'gitlabhq', from: 'master', to: 'stable') expect(get('/gitlab/gitlabhq/-/compare/issue/1234...stable')).to route_to('projects/compare#show', namespace_id: 'gitlab', project_id: 'gitlabhq', from: 'issue/1234', to: 'stable') end - - it_behaves_like 'redirecting a legacy path', '/gitlab/gitlabhq/compare', '/gitlab/gitlabhq/-/compare' - it_behaves_like 'redirecting a legacy path', '/gitlab/gitlabhq/compare/master...stable', '/gitlab/gitlabhq/-/compare/master...stable' end describe Projects::NetworkController, 'routing' do @@ -764,16 +718,12 @@ RSpec.describe 'project routing' do it 'to #show' do expect(get('/gitlab/gitlabhq/-/pipelines/12')).to route_to('projects/pipelines#show', namespace_id: 'gitlab', project_id: 'gitlabhq', id: '12') end - - it_behaves_like 'redirecting a legacy path', '/gitlab/gitlabhq/pipelines', '/gitlab/gitlabhq/-/pipelines' end describe Projects::PipelineSchedulesController, 'routing' do it 'to #index' do expect(get('/gitlab/gitlabhq/-/pipeline_schedules')).to route_to('projects/pipeline_schedules#index', namespace_id: 'gitlab', project_id: 'gitlabhq') end - - it_behaves_like 'redirecting a legacy path', '/gitlab/gitlabhq/pipeline_schedules', '/gitlab/gitlabhq/-/pipeline_schedules' end describe Projects::Settings::OperationsController, 'routing' do @@ -869,26 +819,26 @@ RSpec.describe 'project routing' do end describe Projects::EnvironmentsController, 'routing' do - describe 'legacy routing' do - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/environments", "/gitlab/gitlabhq/-/environments" + # TODO: https://gitlab.com/gitlab-org/gitlab/-/issues/411431 + it 'routes to projects/environments#index' do + expect(get('/gitlab/gitlabhq/-/environments')) + .to route_to('projects/environments#index', namespace_id: 'gitlab', project_id: 'gitlabhq') end end describe Projects::ClustersController, 'routing' do - describe 'legacy routing' do - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/clusters", "/gitlab/gitlabhq/-/clusters" + # TODO: https://gitlab.com/gitlab-org/gitlab/-/issues/411434 + it 'routes to projects/clusters#index' do + expect(get('/gitlab/gitlabhq/-/clusters')) + .to route_to('projects/clusters#index', namespace_id: 'gitlab', project_id: 'gitlabhq') end end describe Projects::ErrorTrackingController, 'routing' do - describe 'legacy routing' do - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/error_tracking", "/gitlab/gitlabhq/-/error_tracking" - end - end - - describe Projects::Serverless, 'routing' do - describe 'legacy routing' do - it_behaves_like 'redirecting a legacy path', "/gitlab/gitlabhq/serverless", "/gitlab/gitlabhq/-/serverless" + # TODO: https://gitlab.com/gitlab-org/gitlab/-/issues/411436 + it 'routes to projects/clusters#index' do + expect(get('/gitlab/gitlabhq/-/error_tracking')) + .to route_to('projects/error_tracking#index', namespace_id: 'gitlab', project_id: 'gitlabhq') end end |