diff options
21 files changed, 271 insertions, 193 deletions
diff --git a/app/assets/javascripts/issuable_list/components/issuable_item.vue b/app/assets/javascripts/issuable_list/components/issuable_item.vue index 92935efa6bc..7635536c54f 100644 --- a/app/assets/javascripts/issuable_list/components/issuable_item.vue +++ b/app/assets/javascripts/issuable_list/components/issuable_item.vue @@ -169,7 +169,9 @@ export default { :checked="checked" :data-id="issuable.id" @input="$emit('checked-input', $event)" - /> + > + <span class="gl-sr-only">{{ issuable.title }}</span> + </gl-form-checkbox> </div> <div class="issuable-main-info"> <div data-testid="issuable-title" class="issue-title title"> diff --git a/app/assets/javascripts/vue_shared/components/filtered_search_bar/filtered_search_bar_root.vue b/app/assets/javascripts/vue_shared/components/filtered_search_bar/filtered_search_bar_root.vue index 885293b7c8a..3e7feb91b27 100644 --- a/app/assets/javascripts/vue_shared/components/filtered_search_bar/filtered_search_bar_root.vue +++ b/app/assets/javascripts/vue_shared/components/filtered_search_bar/filtered_search_bar_root.vue @@ -324,7 +324,9 @@ export default { class="gl-align-self-center" :checked="checkboxChecked" @input="$emit('checked-input', $event)" - /> + > + <span class="gl-sr-only">{{ __('Select all') }}</span> + </gl-form-checkbox> <gl-filtered-search ref="filteredSearchInput" v-model="filterValue" diff --git a/app/views/projects/issues/_issue.html.haml b/app/views/projects/issues/_issue.html.haml index 838b4538cad..9c01d93f7d0 100644 --- a/app/views/projects/issues/_issue.html.haml +++ b/app/views/projects/issues/_issue.html.haml @@ -3,7 +3,9 @@ .issuable-info-container - if @can_bulk_update .issue-check.hidden - = check_box_tag dom_id(issue, "selected"), nil, false, 'data-id' => issue.id, class: "selected-issuable" + - checkbox_id = dom_id(issue, "selected") + %label.gl-sr-only{ for: checkbox_id }= issue.title + = check_box_tag checkbox_id, nil, false, 'data-id' => issue.id, class: "selected-issuable" .issuable-main-info .issue-title.title %span.issue-title-text.js-onboarding-issue-item{ dir: "auto" } diff --git a/app/views/projects/merge_requests/_merge_request.html.haml b/app/views/projects/merge_requests/_merge_request.html.haml index 6c0fc9575fc..b70bc740175 100644 --- a/app/views/projects/merge_requests/_merge_request.html.haml +++ b/app/views/projects/merge_requests/_merge_request.html.haml @@ -1,7 +1,9 @@ %li{ id: dom_id(merge_request), class: mr_css_classes(merge_request), data: { labels: merge_request.label_ids, id: merge_request.id } } - if @can_bulk_update .issue-check.hidden - = check_box_tag dom_id(merge_request, "selected"), nil, false, 'data-id' => merge_request.id, class: "selected-issuable" + - checkbox_id = dom_id(merge_request, "selected") + %label.gl-sr-only{ for: checkbox_id }= merge_request.title + = check_box_tag checkbox_id, nil, false, 'data-id' => merge_request.id, class: "selected-issuable" .issuable-info-container .issuable-main-info diff --git a/app/views/shared/issuable/_search_bar.html.haml b/app/views/shared/issuable/_search_bar.html.haml index 831fe784acf..3e89969f46e 100644 --- a/app/views/shared/issuable/_search_bar.html.haml +++ b/app/views/shared/issuable/_search_bar.html.haml @@ -20,7 +20,9 @@ = hidden_field_tag :search, params[:search] - if @can_bulk_update .check-all-holder.d-none.d-sm-block.hidden - = check_box_tag "check-all-issues", nil, false, class: "check-all-issues left" + - checkbox_id = 'check-all-issues' + %label.gl-sr-only{ for: checkbox_id }= _('Select all') + = check_box_tag checkbox_id, nil, false, class: "check-all-issues left" - if Feature.enabled?(:boards_filtered_search, @group) && is_epic_board #js-board-filtered-search{ data: { full_path: @group&.full_path } } - else diff --git a/changelogs/unreleased/329511-enable-by-default-optimize-batched-migrations.yml b/changelogs/unreleased/329511-enable-by-default-optimize-batched-migrations.yml new file mode 100644 index 00000000000..7955164a7bf --- /dev/null +++ b/changelogs/unreleased/329511-enable-by-default-optimize-batched-migrations.yml @@ -0,0 +1,5 @@ +--- +title: Enable by default automatic optimization of batched background migrations +merge_request: 61317 +author: +type: added diff --git a/config/feature_flags/ops/optimize_batched_migrations.yml b/config/feature_flags/ops/optimize_batched_migrations.yml index 7d906f9b0d0..ff36d1338f1 100644 --- a/config/feature_flags/ops/optimize_batched_migrations.yml +++ b/config/feature_flags/ops/optimize_batched_migrations.yml @@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/328817 milestone: '13.12' type: ops group: group::database -default_enabled: false +default_enabled: true diff --git a/doc/api/merge_request_approvals.md b/doc/api/merge_request_approvals.md index 6625742e312..978cbff625c 100644 --- a/doc/api/merge_request_approvals.md +++ b/doc/api/merge_request_approvals.md @@ -1068,7 +1068,7 @@ POST /projects/:id/merge_requests/:merge_request_iid/approve | `id` | integer | yes | The ID of a project | | `merge_request_iid` | integer | yes | The IID of MR | | `sha` | string | no | The HEAD of the MR | -| `approval_password` **(PREMIUM)** | string | no | Current user's password. Required if [**Require user password to approve**](../user/project/merge_requests/approvals/settings.md#require-authentication-when-approving-a-merge-request) is enabled in the project settings. | +| `approval_password` **(PREMIUM)** | string | no | Current user's password. Required if [**Require user password to approve**](../user/project/merge_requests/approvals/settings.md#require-authentication-for-approvals) is enabled in the project settings. | The `sha` parameter works in the same way as when [accepting a merge request](merge_requests.md#accept-mr): if it is passed, then it must diff --git a/doc/ci/yaml/README.md b/doc/ci/yaml/README.md index 3a8b3adb4b2..e9b3a2213c8 100644 --- a/doc/ci/yaml/README.md +++ b/doc/ci/yaml/README.md @@ -152,6 +152,13 @@ are the default pipeline stages. If a job does not specify a [`stage`](#stage), the job is assigned the `test` stage. +If a stage is defined, but no jobs use it, the stage is not visible in the pipeline. This is +useful for [compliance pipeline configuration](../../user/project/settings/index.md#compliance-pipeline-configuration) +because: + +- Stages can be defined in the compliance configuration but remain hidden if not used. +- The defined stages become visible when developers use them in job definitions. + To make a job start earlier and ignore the stage order, use the [`needs`](#needs) keyword. diff --git a/doc/user/admin_area/monitoring/background_migrations.md b/doc/user/admin_area/monitoring/background_migrations.md index a68d7109429..50593959710 100644 --- a/doc/user/admin_area/monitoring/background_migrations.md +++ b/doc/user/admin_area/monitoring/background_migrations.md @@ -46,3 +46,36 @@ To disable it: ```ruby Feature.disable(:execute_batched_migrations_on_schedule) ``` + +## Automatic batch size optimization **(FREE SELF)** + +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60133) in GitLab 13.12. +> - [Deployed behind a feature flag](../../../user/feature_flags.md), disabled by default. +> - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/329511) in GitLab 13.12. +> - Enabled on GitLab.com. +> - Recommended for production use. +> - For GitLab self-managed instances, GitLab administrators can opt to [disable it](#enable-or-disable-automatic-batch-size-optimization). **(FREE SELF)** + +There can be [risks when disabling released features](../../../user/feature_flags.md#risks-when-disabling-released-features). +Refer to this feature's version history for more details. + +To maximize throughput of batched background migrations (in terms of the number of tuples updated per time unit), batch sizes are automatically adjusted based on how long the previous batches took to complete. + +## Enable or disable automatic batch size optimization **(FREE SELF)** + +Automatic batch size optimization for Batched Background Migrations is under development but ready for production use. +It is deployed behind a feature flag that is **enabled by default**. +[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md) +can opt to disable it. + +To enable it: + +```ruby +Feature.enable(:optimize_batched_migrations) +``` + +To disable it: + +```ruby +Feature.disable(:optimize_batched_migrations) +``` diff --git a/doc/user/application_security/api_fuzzing/index.md b/doc/user/application_security/api_fuzzing/index.md index dc3a8d68628..8511c919c14 100644 --- a/doc/user/application_security/api_fuzzing/index.md +++ b/doc/user/application_security/api_fuzzing/index.md @@ -111,13 +111,14 @@ To generate an API Fuzzing configuration snippet: ### OpenAPI Specification -> Support for OpenAPI Specification v3 was +> Support for OpenAPI Specification using YAML format was +> [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/330583) in GitLab 14.0. +> Support for OpenAPI Specification v3.0 was > [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/228652) in GitLab 13.9. -The [OpenAPI Specification](https://www.openapis.org/) (formerly the Swagger Specification) is an -API description format for REST APIs. This section shows you how to configure API fuzzing by using -an OpenAPI Specification to provide information about the target API to test. OpenAPI Specifications -are provided as a file system resource or URL. +The [OpenAPI Specification](https://www.openapis.org/) (formerly the Swagger Specification) is an API description format for REST APIs. +This section shows you how to configure API fuzzing using an OpenAPI Specification to provide information about the target API to test. +OpenAPI Specifications are provided as a file system resource or URL. Both JSON and YAML OpenAPI formats are supported. API fuzzing uses an OpenAPI document to generate the request body. When a request body is required, the body generation is limited to these body types: diff --git a/doc/user/application_security/dast_api/index.md b/doc/user/application_security/dast_api/index.md index 939a037a32d..5e47f545ef9 100644 --- a/doc/user/application_security/dast_api/index.md +++ b/doc/user/application_security/dast_api/index.md @@ -68,10 +68,12 @@ starting in GitLab 14.0, GitLab will not check your repository's root for config ### OpenAPI Specification -The [OpenAPI Specification](https://www.openapis.org/) (formerly the Swagger Specification) is an -API description format for REST APIs. This section shows you how to configure DAST API by using -an OpenAPI specification to provide information about the target API to test. OpenAPI specifications -are provided as a file system resource or URL. +> Support for OpenAPI Specification using YAML format was +> [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/330583) in GitLab 14.0. + +The [OpenAPI Specification](https://www.openapis.org/) (formerly the Swagger Specification) is an API description format for REST APIs. +This section shows you how to configure API fuzzing using an OpenAPI Specification to provide information about the target API to test. +OpenAPI Specifications are provided as a file system resource or URL. Both JSON and YAML OpenAPI formats are supported. DAST API uses an OpenAPI document to generate the request body. When a request body is required, the body generation is limited to these body types: diff --git a/doc/user/compliance/compliance_dashboard/index.md b/doc/user/compliance/compliance_dashboard/index.md index 7d4d0da7062..21af6387f9d 100644 --- a/doc/user/compliance/compliance_dashboard/index.md +++ b/doc/user/compliance/compliance_dashboard/index.md @@ -9,7 +9,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/36524) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.8. -The Compliance Dashboard gives you the ability to see a group's Merge Request activity +The Compliance Dashboard gives you the ability to see a group's merge request activity by providing a high-level view for all projects in the group. For example, code approved for merging into production. @@ -28,10 +28,10 @@ This feature is for people who care about the compliance status of projects with You can use the dashboard to: -- Get an overview of the latest Merge Request for each project. -- See if Merge Requests were approved and by whom. -- See Merge Request authors. -- See the latest [CI Pipeline](../../../ci/pipelines/index.md) result for each Merge Request. +- Get an overview of the latest merge request for each project. +- See if merge requests were approved and by whom. +- See merge request authors. +- See the latest [CI Pipeline](../../../ci/pipelines/index.md) result for each merge request. ## Permissions @@ -42,25 +42,25 @@ You can use the dashboard to: > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/217939) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.3. -We support a separation of duties policy between users who create and approve Merge Requests. +We support a separation of duties policy between users who create and approve merge requests. The approval status column can help you identify violations of this policy. Our criteria for the separation of duties is as follows: -- [A Merge Request author is **not** allowed to approve their Merge Request](../../project/merge_requests/approvals/settings.md#allowing-merge-request-authors-to-approve-their-own-merge-requests) -- [A Merge Request committer is **not** allowed to approve a Merge Request they have added commits to](../../project/merge_requests/approvals/settings.md#prevent-approval-of-merge-requests-by-their-committers) -- [The minimum number of approvals required to merge a Merge Request is **at least** two](../../project/merge_requests/approvals/rules.md) +- [A merge request author is **not** allowed to approve their merge request](../../project/merge_requests/approvals/settings.md#prevent-authors-from-approving-their-own-work) +- [A merge request committer is **not** allowed to approve a merge request they have added commits to](../../project/merge_requests/approvals/settings.md#prevent-committers-from-approving-their-own-work) +- [The minimum number of approvals required to merge a merge request is **at least** two](../../project/merge_requests/approvals/rules.md) -The "Approval status" column shows you, at a glance, whether a Merge Request is complying with the above. +The "Approval status" column shows you, at a glance, whether a merge request is complying with the above. This column has four states: | State | Description | |:------|:------------| -| Empty | The Merge Request approval status is unknown | -|  | The Merge Request **does not** comply with any of the above criteria | -|  | The Merge Request complies with **some** of the above criteria | -|  | The Merge Request complies with **all** of the above criteria | +| Empty | The merge request approval status is unknown | +|  | The merge request **does not** comply with any of the above criteria | +|  | The merge request complies with **some** of the above criteria | +|  | The merge request complies with **all** of the above criteria | -If you do not see the success icon in your Compliance dashboard; please review the above criteria for the Merge Requests +If you do not see the success icon in your Compliance dashboard; please review the above criteria for the merge requests project to make sure it complies with the separation of duties described above. ## Chain of Custody report **(ULTIMATE)** diff --git a/doc/user/project/merge_requests/approvals/index.md b/doc/user/project/merge_requests/approvals/index.md index 1f64eee033c..ac48e44da52 100644 --- a/doc/user/project/merge_requests/approvals/index.md +++ b/doc/user/project/merge_requests/approvals/index.md @@ -26,19 +26,20 @@ rules to define what types of users can approve work. Some examples of rules you - Users with specific permissions can always approve work. - [Code owners](../../code_owners.md) can approve work for files they own. -- Users with specific permissions can approve work, even if they don't have merge rights +- Users with specific permissions can approve work, + [even if they don't have merge rights](rules.md#merge-request-approval-segregation-of-duties) to the repository. - Users with specific permissions can be allowed or denied the ability - to override approval rules on a specific merge request. + to [override approval rules on a specific merge request](rules.md#edit-or-override-merge-request-approval-rules). You can also configure additional [settings for merge request approvals](settings.md) for more control of the level of oversight and security your project needs, including: -- Prevent users from overriding a merge request approval rule. -- Reset approvals when new code is pushed. -- Allow (or disallow) authors and committers to approve their own merge requests. -- Require password authentication when approving. -- Require security team approval. +- [Prevent users from overriding a merge request approval rule.](settings.md#prevent-overrides-of-default-approvals) +- [Reset approvals when new code is pushed.](settings.md#reset-approvals-on-push) +- Allow (or disallow) [authors and committers](settings.md) to approve their own merge requests. +- [Require password authentication when approving.](settings.md#require-authentication-for-approvals) +- [Require security team approval.](settings.md#security-approvals-in-merge-requests) You can configure your merge request approval rules and settings through the GitLab user interface or [with the API](../../../../api/merge_request_approvals.md). @@ -63,10 +64,10 @@ such as merge conflicts, [pending discussions](../../../discussions/index.md#onl or a [failed CI/CD pipeline](../merge_when_pipeline_succeeds.md). To prevent merge request authors from approving their own merge requests, -enable [**Prevent author approval**](settings.md#allowing-merge-request-authors-to-approve-their-own-merge-requests) +enable [**Prevent author approval**](settings.md#prevent-authors-from-approving-their-own-work) in your project's settings. -If you enable [approval rule overrides](settings.md#prevent-overriding-default-approvals), +If you enable [approval rule overrides](settings.md#prevent-overrides-of-default-approvals), merge requests created before a change to default approval rules are not affected. The only exceptions are changes to the [target branch](rules.md#approvals-for-protected-branches) of the rule. @@ -118,7 +119,7 @@ You can modify your external approval rules The lack of an external approval doesn't block the merging of a merge request. -When [approval rule overrides](settings.md#prevent-overriding-default-approvals) are allowed, +When [approval rule overrides](settings.md#prevent-overrides-of-default-approvals) are allowed, changes to default approval rules will **not** be applied to existing merge requests, except for changes to the [target branch](rules.md#approvals-for-protected-branches) of the rule. diff --git a/doc/user/project/merge_requests/approvals/rules.md b/doc/user/project/merge_requests/approvals/rules.md index 3e40936f887..32f0160771f 100644 --- a/doc/user/project/merge_requests/approvals/rules.md +++ b/doc/user/project/merge_requests/approvals/rules.md @@ -49,7 +49,7 @@ Users of GitLab Premium and higher tiers can create [additional approval rules]( Your configuration for approval rule overrides determines if the new rule is applied to existing merge requests: -- If [approval rule overrides](settings.md#prevent-overriding-default-approvals) are allowed, +- If [approval rule overrides](settings.md#prevent-overrides-of-default-approvals) are allowed, changes to these default rules are not applied to existing merge requests, except for changes to the [target branch](#approvals-for-protected-branches) of the rule. - If approval rule overrides are not allowed, all changes to default rules @@ -138,10 +138,10 @@ approve in these ways: counts as one approver, and not two. - Merge request authors do not count as eligible approvers on their own merge requests by default. To change this behavior, disable the - [**Prevent author approval**](settings.md#allowing-merge-request-authors-to-approve-their-own-merge-requests) + [**Prevent author approval**](settings.md#prevent-authors-from-approving-their-own-work) project setting. - Committers to merge requests can approve a merge request. To change this behavior, enable the - [**Prevent committers approval**](settings.md#prevent-approval-of-merge-requests-by-their-committers) + [**Prevent committers approval**](settings.md#prevent-committers-from-approving-their-own-work) project setting. ### Code owners as eligible approvers @@ -200,7 +200,7 @@ on a merge request, you can either add or remove approvers: 1. Add or remove your desired approval rules. 1. Select **Save changes**. -Administrators can change the [merge request approvals settings](settings.md#prevent-overriding-default-approvals) +Administrators can change the [merge request approvals settings](settings.md#prevent-overrides-of-default-approvals) to prevent users from overriding approval rules for merge requests. ## Configure optional approval rules diff --git a/doc/user/project/merge_requests/approvals/settings.md b/doc/user/project/merge_requests/approvals/settings.md index a21d74162ab..8769f6a7470 100644 --- a/doc/user/project/merge_requests/approvals/settings.md +++ b/doc/user/project/merge_requests/approvals/settings.md @@ -7,91 +7,119 @@ type: reference, concepts # Merge request approval settings -The settings for merge request approvals are found by going to -**Settings > General** and expanding **Merge request (MR) approvals**. +You can configure the settings for [merge request approvals](index.md) to +ensure the approval rules meet your use case. You can also configure +[approval rules](rules.md), which define the number and type of users who must +approve work before it's merged. Merge request approval settings define how +those rules are applied as a merge request moves toward completion. -## Prevent overriding default approvals +## Edit merge request approval settings -Regardless of the approval rules you choose for your project, users can edit them in every merge -request, overriding the [rules you set as default](rules.md#add-an-approval-rule). -To prevent that from happening: +To view or edit merge request approval settings: -1. Select the **Prevent users from modifying MR approval rules in merge requests.** checkbox. -1. Click **Save changes**. +1. Go to your project and select **Settings > General**. +1. Expand **Merge request (MR) approvals**. -### Resetting approvals on push +In this section of general settings, you can configure the settings described +on this page. -You can force all approvals on a merge request to be removed when new commits are -pushed to the source branch of the merge request. If disabled, approvals persist -even if there are changes added to the merge request. To enable this feature: +## Prevent overrides of default approvals -1. Check the **Require new approvals when new commits are added to an MR.** - checkbox. -1. Click **Save changes**. +By default, users can override the approval rules you [create for a project](rules.md) +on a per-merge request basis. If you don't want users to change approval rules +on merge requests, you can disable this setting: -NOTE: -Approvals do not get reset when [rebasing a merge request](../fast_forward_merge.md) -from the UI. However, approvals are reset if the target branch is changed. +1. Go to your project and select **Settings > General**. +1. Expand **Merge request (MR) approvals**. +1. Select the **Prevent users from modifying MR approval rules in merge requests** checkbox. +1. Select **Save changes**. -### Allowing merge request authors to approve their own merge requests **(PREMIUM)** +TODO This change affects all open merge requests. + +## Reset approvals on push + +By default, an approval on a merge request remains in place, even if you add more changes +after the approval. If you want to remove all existing approvals on a merge request +when more changes are added to it: + +1. Go to your project and select **Settings > General**. +1. Expand **Merge request (MR) approvals**. +1. Select the **Require new approvals when new commits are added to an MR** checkbox. +1. Select **Save changes**. + +Approvals aren't reset when a merge request is [rebased from the UI](../fast_forward_merge.md) +However, approvals are reset if the target branch is changed. + +## Prevent authors from approving their own work **(PREMIUM)** > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3349) in GitLab 11.3. > - Moved to GitLab Premium in 13.9. -By default, projects are configured to prevent merge requests from being approved by -their own authors. To change this setting: +By default, the author of a merge request cannot approve it. To change this setting: -1. Go to your project's **Settings > General**, expand **Merge request (MR) approvals**. -1. Uncheck the **Prevent MR approval by the author.** checkbox. -1. Click **Save changes**. +1. Go to your project and select **Settings > General**. +1. Expand **Merge request (MR) approvals**. +1. Clear the **Prevent MR approval by the author** checkbox. +1. Select **Save changes**. -Note that users can edit the approval rules in every merge request and override pre-defined settings unless it's set [**not to allow** overrides](#prevent-overriding-default-approvals). +Authors can edit the approval rule in an individual merge request and override +this setting, unless you configure one of these options: -You can prevent authors from approving their own merge requests -[at the instance level](../../../admin_area/merge_requests_approvals.md). When enabled, -this setting is disabled on the project level, and not editable. +- [Prevent overrides of default approvals](#prevent-overrides-of-default-approvals) at + the project level. +- *(Self-managed instances only)* Prevent overrides of default approvals + [at the instance level](../../../admin_area/merge_requests_approvals.md). When configured + at the instance level, you can't edit this setting at the project or individual + merge request levels. -### Prevent approval of merge requests by their committers **(PREMIUM)** +## Prevent committers from approving their own work **(PREMIUM)** > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10441) in GitLab 11.10. > - Moved to GitLab Premium in 13.9. -You can prevent users who have committed to a merge request from approving it, -though code authors can still approve. You can enable this feature -[at the instance level](../../../admin_area/merge_requests_approvals.md), which -disables changes to this feature at the project level. If you prefer to manage -this feature at the project level, you can: +By default, users who commit to a merge request can still approve it. At both +the project level or [instance level](../../../admin_area/merge_requests_approvals.md) +you can prevent committers from approving merge requests that are partially +their own. To do this: -1. Check the **Prevent MR approvals from users who make commits to the MR.** checkbox. - If this check box is disabled, this feature has been disabled - [at the instance level](../../../admin_area/merge_requests_approvals.md). -1. Click **Save changes**. +1. Go to your project and select **Settings > General**. +1. Expand **Merge request (MR) approvals**. +1. Select the **Prevent MR approvals from users who make commits to the MR** checkbox. + If this checkbox is cleared, an administrator has disabled it + [at the instance level](../../../admin_area/merge_requests_approvals.md), and + it can't be changed at the project level. +1. Select **Save changes**. -Read the official Git documentation for an explanation of the -[differences between authors and committers](https://git-scm.com/book/en/v2/Git-Basics-Viewing-the-Commit-History). +Even with this configuration, [code owners](../../code_owners.md) who contribute +to a merge request can approve merge requests that affect files they own. -### Require authentication when approving a merge request +To learn more about the [differences between authors and committers](https://git-scm.com/book/en/v2/Git-Basics-Viewing-the-Commit-History), +read the official Git documentation for an explanation. + +## Require authentication for approvals > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5981) in GitLab 12.0. > - Moved to GitLab Premium in 13.9. -NOTE: -To require authentication when approving a merge request, you must enable -**Password authentication enabled for web interface** under [sign-in restrictions](../../../admin_area/settings/sign_in_restrictions.md#password-authentication-enabled). -in the Admin Area. - -You can force the approver to enter a password in order to authenticate before adding -the approval. This enables an Electronic Signature for approvals such as the one defined -by [CFR Part 11](https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=11&showFR=1&subpartNode=21:1.0.1.1.8.3)). -To enable this feature: +You can force potential approvers to first authenticate with a password. This +permission enables an electronic signature for approvals, such as the one defined by +[Code of Federal Regulations (CFR) Part 11](https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=11&showFR=1&subpartNode=21:1.0.1.1.8.3)): -1. Check the **Require user password for approvals.** checkbox. -1. Click **Save changes**. +1. Enable password authentication for the web interface, as described in the + [sign-in restrictions documentation](../../../admin_area/settings/sign_in_restrictions.md#password-authentication-enabled). +1. Go to your project and select **Settings > General**. +1. Expand **Merge request (MR) approvals**. +1. Select the **Require user password for approvals** checkbox. +1. Select **Save changes**. ## Security approvals in merge requests **(ULTIMATE)** -Merge request approvals can be configured to require approval from a member -of your security team when a vulnerability would be introduced by a merge request. - -For more information, see +You can require that a member of your security team approves a merge request if a +merge request could introduce a vulnerability. To learn more, see [Security approvals in merge requests](../../../application_security/index.md#security-approvals-in-merge-requests). + +## Related links + +- [Instance-level merge request approval settings](../../../admin_area/merge_requests_approvals.md) +- [Compliance Dashboard](../../../compliance/compliance_dashboard/index.md) +- [Merge request approvals API](../../../../api/merge_request_approvals.md) diff --git a/doc/user/project/settings/index.md b/doc/user/project/settings/index.md index d38ac78162d..d3177aa7585 100644 --- a/doc/user/project/settings/index.md +++ b/doc/user/project/settings/index.md @@ -77,7 +77,9 @@ The user running the pipeline in the project should at least have Reporter acces Example `.compliance-gitlab-ci.yml` ```yaml -stages: # Allows compliance team to control the ordering and interweaving of stages/jobs +# Allows compliance team to control the ordering and interweaving of stages/jobs. +# Stages without jobs defined will remain hidden. +stages: - pre-compliance - build - test diff --git a/lib/gitlab/database/background_migration/batch_optimizer.rb b/lib/gitlab/database/background_migration/batch_optimizer.rb index 7523c828399..0668490dda8 100644 --- a/lib/gitlab/database/background_migration/batch_optimizer.rb +++ b/lib/gitlab/database/background_migration/batch_optimizer.rb @@ -40,7 +40,7 @@ module Gitlab end def optimize! - return unless Feature.enabled?(:optimize_batched_migrations, type: :ops) + return unless Feature.enabled?(:optimize_batched_migrations, type: :ops, default_enabled: :yaml) if multiplier = batch_size_multiplier migration.batch_size = (migration.batch_size * multiplier).to_i.clamp(ALLOWED_BATCH_SIZE) diff --git a/spec/features/issues/user_bulk_edits_issues_labels_spec.rb b/spec/features/issues/user_bulk_edits_issues_labels_spec.rb index 80bf964e2ee..97df2d0208b 100644 --- a/spec/features/issues/user_bulk_edits_issues_labels_spec.rb +++ b/spec/features/issues/user_bulk_edits_issues_labels_spec.rb @@ -20,17 +20,13 @@ RSpec.describe 'Issues > Labels bulk assignment' do end context 'sidebar' do - before do - enable_bulk_update - end - it 'is present when bulk edit is enabled' do - expect(page).to have_css('.issuable-sidebar') + enable_bulk_update + expect(page).to have_css 'aside[aria-label="Bulk update"]' end it 'is not present when bulk edit is disabled' do - disable_bulk_update - expect(page).not_to have_css('.issuable-sidebar') + expect(page).not_to have_css 'aside[aria-label="Bulk update"]' end end @@ -42,7 +38,7 @@ RSpec.describe 'Issues > Labels bulk assignment' do context 'a label' do context 'to all issues' do before do - check 'check-all-issues' + check 'Select all' open_labels_dropdown ['bug'] update_issues end @@ -57,8 +53,8 @@ RSpec.describe 'Issues > Labels bulk assignment' do context 'to some issues' do before do - check "selected_issue_#{issue1.id}" - check "selected_issue_#{issue2.id}" + check issue1.title + check issue2.title open_labels_dropdown ['bug'] update_issues end @@ -73,7 +69,7 @@ RSpec.describe 'Issues > Labels bulk assignment' do context 'to an issue' do before do - check "selected_issue_#{issue1.id}" + check issue1.title open_labels_dropdown ['bug'] update_issues end @@ -89,7 +85,7 @@ RSpec.describe 'Issues > Labels bulk assignment' do context 'to an issue by selecting the label first' do before do open_labels_dropdown ['bug'] - check "selected_issue_#{issue1.id}" + check issue1.title update_issues end @@ -105,7 +101,7 @@ RSpec.describe 'Issues > Labels bulk assignment' do context 'multiple labels' do context 'to all issues' do before do - check 'check-all-issues' + check 'Select all' open_labels_dropdown %w(bug feature) update_issues end @@ -120,7 +116,7 @@ RSpec.describe 'Issues > Labels bulk assignment' do context 'to a issue' do before do - check "selected_issue_#{issue1.id}" + check issue1.title open_labels_dropdown %w(bug feature) update_issues end @@ -141,7 +137,7 @@ RSpec.describe 'Issues > Labels bulk assignment' do issue2.labels << feature enable_bulk_update - check 'check-all-issues' + check 'Select all' open_labels_dropdown ['bug'] update_issues @@ -162,7 +158,7 @@ RSpec.describe 'Issues > Labels bulk assignment' do issue2.labels << feature enable_bulk_update - check 'check-all-issues' + check 'Select all' unmark_labels_in_dropdown %w(bug feature) update_issues end @@ -229,7 +225,7 @@ RSpec.describe 'Issues > Labels bulk assignment' do expect(find("#issue_#{issue1.id}")).to have_content 'bug' expect(find("#issue_#{issue2.id}")).to have_content 'feature' - check 'check-all-issues' + check 'Select all' open_milestone_dropdown(['First Release']) update_issues @@ -250,7 +246,7 @@ RSpec.describe 'Issues > Labels bulk assignment' do it 'keeps existing label and new label is present' do expect(find("#issue_#{issue1.id}")).to have_content 'bug' - check 'check-all-issues' + check 'Select all' open_milestone_dropdown ['First Release'] open_labels_dropdown ['feature'] update_issues @@ -277,7 +273,7 @@ RSpec.describe 'Issues > Labels bulk assignment' do expect(find("#issue_#{issue1.id}")).to have_content 'bug' expect(find("#issue_#{issue2.id}")).to have_content 'feature' - check 'check-all-issues' + check 'Select all' open_milestone_dropdown ['First Release'] unmark_labels_in_dropdown ['feature'] @@ -309,7 +305,7 @@ RSpec.describe 'Issues > Labels bulk assignment' do expect(find("#issue_#{issue2.id}")).to have_content 'feature' expect(find("#issue_#{issue2.id}")).to have_content 'First Release' - check 'check-all-issues' + check 'Select all' open_milestone_dropdown(['No milestone']) update_issues @@ -369,31 +365,31 @@ RSpec.describe 'Issues > Labels bulk assignment' do end it 'applies label from filtered results' do - check 'check-all-issues' + check 'Select all' - page.within('.issues-bulk-update') do + within('aside[aria-label="Bulk update"]') do click_button 'Select labels' wait_for_requests - expect(find('.dropdown-menu-labels li', text: 'bug')).to have_css('.is-active') - expect(find('.dropdown-menu-labels li', text: 'feature')).to have_css('.is-indeterminate') + expect(page).to have_link 'bug', class: 'is-active' + expect(page).to have_link 'feature', class: 'is-indeterminate' click_link 'bug' - find('.dropdown-input-field', visible: true).set('wontfix') + fill_in 'Search', with: 'wontfix' click_link 'wontfix' end update_issues - page.within '.issues-holder' do - expect(find("#issue_#{issue1.id}")).not_to have_content 'bug' - expect(find("#issue_#{issue1.id}")).to have_content 'feature' - expect(find("#issue_#{issue1.id}")).to have_content 'wontfix' + first_issue = find("#issue_#{issue1.id}") + expect(first_issue).not_to have_content 'bug' + expect(first_issue).to have_content 'feature' + expect(first_issue).to have_content 'wontfix' - expect(find("#issue_#{issue2.id}")).not_to have_content 'bug' - expect(find("#issue_#{issue2.id}")).not_to have_content 'feature' - expect(find("#issue_#{issue2.id}")).to have_content 'wontfix' - end + second_issue = find("#issue_#{issue2.id}") + expect(second_issue).not_to have_content 'bug' + expect(second_issue).not_to have_content 'feature' + expect(second_issue).to have_content 'wontfix' end end end @@ -408,24 +404,22 @@ RSpec.describe 'Issues > Labels bulk assignment' do context 'cannot bulk assign labels' do it do expect(page).not_to have_button 'Edit issues' - expect(page).not_to have_css '.check-all-issues' - expect(page).not_to have_css '.issue-check' + expect(page).not_to have_unchecked_field 'Select all' + expect(page).not_to have_unchecked_field issue1.title end end end def open_milestone_dropdown(items = []) - page.within('.issues-bulk-update') do - click_button 'Select milestone' - wait_for_requests - items.map do |item| - click_link item - end + click_button 'Select milestone' + wait_for_requests + items.map do |item| + click_link item end end def open_labels_dropdown(items = [], unmark = false) - page.within('.issues-bulk-update') do + within('aside[aria-label="Bulk update"]') do click_button 'Select labels' wait_for_requests items.map do |item| @@ -446,12 +440,10 @@ RSpec.describe 'Issues > Labels bulk assignment' do end def check_issue(issue, uncheck = false) - page.within('.issues-list') do - if uncheck - uncheck "selected_issue_#{issue.id}" - else - check "selected_issue_#{issue.id}" - end + if uncheck + uncheck issue.title + else + check issue.title end end @@ -460,12 +452,13 @@ RSpec.describe 'Issues > Labels bulk assignment' do end def update_issues - find('.update-selected-issues').click + click_button 'Update all' wait_for_requests end def enable_bulk_update visit project_issues_path(project) + wait_for_requests click_button 'Edit issues' end diff --git a/spec/features/issues/user_bulk_edits_issues_spec.rb b/spec/features/issues/user_bulk_edits_issues_spec.rb index eb78e4e2456..e34c16e27ba 100644 --- a/spec/features/issues/user_bulk_edits_issues_spec.rb +++ b/spec/features/issues/user_bulk_edits_issues_spec.rb @@ -17,10 +17,10 @@ RSpec.describe 'Multiple issue updating from issues#index', :js do visit project_issues_path(project) click_button 'Edit issues' - find('#check-all-issues').click - find('.js-issue-status').click + check 'Select all' + click_button 'Select status' + click_link 'Closed' - find('.dropdown-menu-status a', text: 'Closed').click click_update_issues_button expect(page).to have_selector('.issue', count: 0) end @@ -30,10 +30,10 @@ RSpec.describe 'Multiple issue updating from issues#index', :js do visit project_issues_path(project, state: 'closed') click_button 'Edit issues' - find('#check-all-issues').click - find('.js-issue-status').click + check 'Select all' + click_button 'Select status' + click_link 'Open' - find('.dropdown-menu-status a', text: 'Open').click click_update_issues_button expect(page).to have_selector('.issue', count: 0) end @@ -44,10 +44,10 @@ RSpec.describe 'Multiple issue updating from issues#index', :js do visit project_issues_path(project) click_button 'Edit issues' - find('#check-all-issues').click + check 'Select all' click_update_assignee_button + click_link user.username - find('.dropdown-menu-user-link', text: user.username).click click_update_issues_button page.within('.issue .controls') do @@ -59,13 +59,15 @@ RSpec.describe 'Multiple issue updating from issues#index', :js do create_assigned visit project_issues_path(project) + expect(find('.issue:first-of-type')).to have_link "Assigned to #{user.name}" + click_button 'Edit issues' - find('#check-all-issues').click + check 'Select all' click_update_assignee_button - click_link 'Unassigned' click_update_issues_button - expect(find('.issue:first-child .controls')).not_to have_css('.author-link') + + expect(find('.issue:first-of-type')).not_to have_link "Assigned to #{user.name}" end end @@ -76,10 +78,9 @@ RSpec.describe 'Multiple issue updating from issues#index', :js do visit project_issues_path(project) click_button 'Edit issues' - find('#check-all-issues').click - find('.issues-bulk-update .js-milestone-select').click - - find('.dropdown-menu-milestone a', text: milestone.title).click + check 'Select all' + click_button 'Select milestone' + click_link milestone.title click_update_issues_button expect(page.find('.issue')).to have_content milestone.title @@ -91,16 +92,15 @@ RSpec.describe 'Multiple issue updating from issues#index', :js do wait_for_requests - expect(first('.issue')).to have_content milestone.title + expect(find('.issue:first-of-type')).to have_text milestone.title click_button 'Edit issues' - find('#check-all-issues').click - find('.issues-bulk-update .js-milestone-select').click - - find('.dropdown-menu-milestone a', text: "No milestone").click + check 'Select all' + click_button 'Select milestone' + click_link 'No milestone' click_update_issues_button - expect(find('.issue:first-child')).not_to have_content milestone.title + expect(find('.issue:first-of-type')).not_to have_text milestone.title end end @@ -117,12 +117,12 @@ RSpec.describe 'Multiple issue updating from issues#index', :js do end def click_update_assignee_button - find('.js-update-assignee').click + click_button 'Select assignee' wait_for_requests end def click_update_issues_button - find('.update-selected-issues').click + click_button 'Update all' wait_for_requests end end diff --git a/spec/features/merge_requests/user_mass_updates_spec.rb b/spec/features/merge_requests/user_mass_updates_spec.rb index 179bf84a729..0fe69c5ca5b 100644 --- a/spec/features/merge_requests/user_mass_updates_spec.rb +++ b/spec/features/merge_requests/user_mass_updates_spec.rb @@ -44,7 +44,7 @@ RSpec.describe 'Merge requests > User mass updates', :js do click_button 'Edit merge requests' - expect(page).not_to have_css('.js-issue-status') + expect(page).not_to have_button 'Select status' end end @@ -57,9 +57,7 @@ RSpec.describe 'Merge requests > User mass updates', :js do it 'updates merge request with assignee' do change_assignee(user.name) - page.within('.merge-request .controls') do - expect(find('.author-link')["title"]).to have_content(user.name) - end + expect(find('.merge-request')).to have_link "Assigned to #{user.name}" end end @@ -72,7 +70,7 @@ RSpec.describe 'Merge requests > User mass updates', :js do it 'removes assignee from the merge request' do change_assignee('Unassigned') - expect(find('.merge-request .controls')).not_to have_css('.author-link') + expect(find('.merge-request')).not_to have_link "Assigned to #{user.name}" end end end @@ -109,35 +107,33 @@ RSpec.describe 'Merge requests > User mass updates', :js do def change_status(text) click_button 'Edit merge requests' - find('#check-all-issues').click - find('.js-issue-status').click - find('.dropdown-menu-status a', text: text).click + check 'Select all' + click_button 'Select status' + click_link text click_update_merge_requests_button end def change_assignee(text) click_button 'Edit merge requests' - find('#check-all-issues').click - find('.js-update-assignee').click - wait_for_requests - - page.within '.dropdown-menu-user' do + check 'Select all' + within 'aside[aria-label="Bulk update"]' do + click_button 'Select assignee' + wait_for_requests click_link text end - click_update_merge_requests_button end def change_milestone(text) click_button 'Edit merge requests' - find('#check-all-issues').click - find('.issues-bulk-update .js-milestone-select').click - find('.dropdown-menu-milestone a', text: text).click + check 'Select all' + click_button 'Select milestone' + click_link text click_update_merge_requests_button end def click_update_merge_requests_button - find('.update-selected-issues').click + click_button 'Update all' wait_for_requests end end |