diff options
Diffstat (limited to 'config')
27 files changed, 201 insertions, 63 deletions
diff --git a/config/application.rb b/config/application.rb index 5100ec5d2b7..6436f887d14 100644 --- a/config/application.rb +++ b/config/application.rb @@ -113,7 +113,7 @@ module Gitlab config.action_view.sanitized_allowed_protocols = %w(smb) - config.middleware.insert_before Warden::Manager, Rack::Attack + config.middleware.insert_after Warden::Manager, Rack::Attack # Allow access to GitLab API from other domains config.middleware.insert_before Warden::Manager, Rack::Cors do diff --git a/config/dependency_decisions.yml b/config/dependency_decisions.yml index 3af7f7bd5c0..60df92a44fc 100644 --- a/config/dependency_decisions.yml +++ b/config/dependency_decisions.yml @@ -459,9 +459,9 @@ :versions: [] :when: 2017-09-13 17:31:16.425819400 Z - - :approve - - gitlab-svgs + - "@gitlab-org/gitlab-svgs" - :who: Tim Zallmann - :why: Our own library - https://gitlab.com/gitlab-org/gitlab-svgs + :why: Our own library - GitLab License https://gitlab.com/gitlab-org/gitlab-svgs :versions: [] :when: 2017-09-19 14:36:32.795496000 Z - - :license @@ -471,3 +471,35 @@ :why: :versions: [] :when: 2017-10-17 17:46:12.367554000 Z +- - :license + - component-emitter + - MIT + - :who: Winnie Hellmann + :why: package.json does not specify the license (README.md does) + :versions: + - 1.1.2 + :when: 2017-11-13 12:23:10.502463000 Z +- - :license + - json-schema + - BSD + - :who: Winnie Hellmann + :why: https://github.com/kriszyp/json-schema/blob/v0.2.3/package.json#L18-L19 + :versions: + - 0.2.3 + :when: 2017-11-16 12:52:18.286091000 Z +- - :license + - node-forge + - New BSD + - :who: Winnie Hellmann + :why: https://github.com/digitalbazaar/forge/blob/0.6.33/LICENSE + :versions: + - 0.6.33 + :when: 2017-11-16 12:56:17.974767000 Z +- - :license + - sntp + - BSD + - :who: Winnie Hellmann + :why: https://github.com/hueniverse/sntp/blob/v1.0.9/package.json#L28-L29 + :versions: + - 1.0.9 + :when: 2017-11-16 13:02:06.765282000 Z diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index dfc69e358cb..0ffacad400b 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -581,8 +581,8 @@ production: &base upload_pack: true receive_pack: true - # Git import/fetch timeout - # git_timeout: 800 + # Git import/fetch timeout, in seconds. Defaults to 3 hours. + # git_timeout: 10800 # If you use non-standard ssh port you need to specify it # ssh_port: 22 @@ -693,6 +693,8 @@ test: # user: YOUR_USERNAME pages: path: tmp/tests/pages + artifacts: + path: tmp/tests/artifacts repositories: storages: default: diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 224ae5aa56b..b0cfd50233a 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -256,7 +256,7 @@ rescue ArgumentError # no user configured end Settings.gitlab['time_zone'] ||= nil Settings.gitlab['signup_enabled'] ||= true if Settings.gitlab['signup_enabled'].nil? -Settings.gitlab['password_authentication_enabled'] ||= true if Settings.gitlab['password_authentication_enabled'].nil? +Settings.gitlab['signin_enabled'] ||= true if Settings.gitlab['signin_enabled'].nil? Settings.gitlab['restricted_visibility_levels'] = Settings.__send__(:verify_constant_array, Gitlab::VisibilityLevel, Settings.gitlab['restricted_visibility_levels'], []) Settings.gitlab['username_changing_enabled'] = true if Settings.gitlab['username_changing_enabled'].nil? Settings.gitlab['issue_closing_pattern'] = '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing)|[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)' if Settings.gitlab['issue_closing_pattern'].nil? @@ -443,7 +443,7 @@ Settings.gitlab_shell['ssh_port'] ||= 22 Settings.gitlab_shell['ssh_user'] ||= Settings.gitlab.user Settings.gitlab_shell['owner_group'] ||= Settings.gitlab.user Settings.gitlab_shell['ssh_path_prefix'] ||= Settings.__send__(:build_gitlab_shell_ssh_path_prefix) -Settings.gitlab_shell['git_timeout'] ||= 800 +Settings.gitlab_shell['git_timeout'] ||= 10800 # # Workhorse diff --git a/config/initializers/7_prometheus_metrics.rb b/config/initializers/7_prometheus_metrics.rb index e8f33593fe0..eb7959e4da6 100644 --- a/config/initializers/7_prometheus_metrics.rb +++ b/config/initializers/7_prometheus_metrics.rb @@ -11,15 +11,12 @@ Prometheus::Client.configure do |config| config.multiprocess_files_dir ||= Rails.root.join('tmp/prometheus_multiproc_dir') end - config.pid_provider = -> do - wid = Prometheus::Client::Support::Unicorn.worker_id - wid = Process.pid if wid.nil? - if wid.nil? - "process_pid_#{Process.pid}" - else - "worker_id_#{wid}" - end - end + config.pid_provider = Prometheus::Client::Support::Unicorn.method(:worker_pid_provider) +end + +Gitlab::Application.configure do |config| + # 0 should be Sentry to catch errors in this middleware + config.middleware.insert(1, Gitlab::Metrics::RequestsRackMiddleware) end Sidekiq.configure_server do |config| diff --git a/config/initializers/8_metrics.rb b/config/initializers/8_metrics.rb index 7ef594836d6..45b39b2a38d 100644 --- a/config/initializers/8_metrics.rb +++ b/config/initializers/8_metrics.rb @@ -118,11 +118,6 @@ def instrument_classes(instrumentation) end # rubocop:enable Metrics/AbcSize -Gitlab::Application.configure do |config| - # 0 should be Sentry to catch errors in this middleware - config.middleware.insert(1, Gitlab::Metrics::RequestsRackMiddleware) -end - if Gitlab::Metrics.enabled? require 'pathname' require 'influxdb' diff --git a/config/initializers/ar5_batching.rb b/config/initializers/ar5_batching.rb index 35e8b3808e2..6ebaf8834d2 100644 --- a/config/initializers/ar5_batching.rb +++ b/config/initializers/ar5_batching.rb @@ -34,6 +34,7 @@ module ActiveRecord yield yielded_relation break if ids.length < of + batch_relation = relation.where(arel_table[primary_key].gt(primary_key_offset)) end end diff --git a/config/initializers/batch_loader.rb b/config/initializers/batch_loader.rb new file mode 100644 index 00000000000..2e2256b0eb9 --- /dev/null +++ b/config/initializers/batch_loader.rb @@ -0,0 +1 @@ +Rails.application.config.middleware.use(BatchLoader::Middleware) diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index c6ec0aeda7b..051ef93b205 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -195,7 +195,7 @@ Devise.setup do |config| config.navigational_formats = [:"*/*", "*/*", :html, :zip] # The default HTTP method used to sign out a resource. Default is :delete. - config.sign_out_via = :delete + config.sign_out_via = :get # ==> OmniAuth # To configure a new OmniAuth provider copy and edit omniauth.rb.sample @@ -236,6 +236,7 @@ Devise.setup do |config| provider['args'][:on_single_sign_out] = lambda do |request| ticket = request.params[:session_index] raise "Service Ticket not found." unless Gitlab::OAuth::Session.valid?(:cas3, ticket) + Gitlab::OAuth::Session.destroy(:cas3, ticket) true end diff --git a/config/initializers/forbid_sidekiq_in_transactions.rb b/config/initializers/forbid_sidekiq_in_transactions.rb index a78711fe599..bedd57ede04 100644 --- a/config/initializers/forbid_sidekiq_in_transactions.rb +++ b/config/initializers/forbid_sidekiq_in_transactions.rb @@ -13,20 +13,19 @@ module Sidekiq module ClassMethods module NoSchedulingFromTransactions - NESTING = ::Rails.env.test? ? 1 : 0 - %i(perform_async perform_at perform_in).each do |name| define_method(name) do |*args| - return super(*args) if Sidekiq::Worker.skip_transaction_check - return super(*args) unless ActiveRecord::Base.connection.open_transactions > NESTING + if !Sidekiq::Worker.skip_transaction_check && AfterCommitQueue.inside_transaction? + raise <<-MSG.strip_heredoc + `#{self}.#{name}` cannot be called inside a transaction as this can lead to + race conditions when the worker runs before the transaction is committed and + tries to access a model that has not been saved yet. - raise <<-MSG.strip_heredoc - `#{self}.#{name}` cannot be called inside a transaction as this can lead to - race conditions when the worker runs before the transaction is committed and - tries to access a model that has not been saved yet. + Use an `after_commit` hook, or include `AfterCommitQueue` and use a `run_after_commit` block instead. + MSG + end - Use an `after_commit` hook, or include `AfterCommitQueue` and use a `run_after_commit` block instead. - MSG + super(*args) end end end diff --git a/config/initializers/gollum.rb b/config/initializers/gollum.rb index 1ebe3c7a742..f1066f83dd9 100644 --- a/config/initializers/gollum.rb +++ b/config/initializers/gollum.rb @@ -1,3 +1,7 @@ +# WARNING changes in this file must be manually propagated to gitaly-ruby. +# +# https://gitlab.com/gitlab-org/gitaly/blob/master/ruby/lib/gitlab/gollum.rb + module Gollum GIT_ADAPTER = "rugged".freeze end @@ -10,4 +14,32 @@ module Gollum index.send(name, *args) end end + + class Wiki + def pages(treeish = nil, limit: nil) + tree_list((treeish || @ref), limit: limit) + end + + def tree_list(ref, limit: nil) + if (sha = @access.ref_to_sha(ref)) + commit = @access.commit(sha) + tree_map_for(sha).inject([]) do |list, entry| + next list unless @page_class.valid_page_name?(entry.name) + + list << entry.page(self, commit) + break list if limit && list.size >= limit + + list + end + else + [] + end + end + end +end + +Rails.application.configure do + config.after_initialize do + Gollum::Page.per_page = Kaminari.config.default_per_page + end end diff --git a/config/initializers/math_lexer.rb b/config/initializers/math_lexer.rb deleted file mode 100644 index 8a3388a267e..00000000000 --- a/config/initializers/math_lexer.rb +++ /dev/null @@ -1,2 +0,0 @@ -# Touch the lexers so it is registered with Rouge -Rouge::Lexers::Math diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index fddb018e948..e9e1f1c4e9b 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb @@ -3,6 +3,7 @@ if Gitlab::LDAP::Config.enabled? Gitlab::LDAP::Config.available_servers.each do |server| # do not redeclare LDAP next if server['provider_name'] == 'ldap' + const_set(server['provider_class'], Class.new(LDAP)) end end diff --git a/config/initializers/plantuml_lexer.rb b/config/initializers/plantuml_lexer.rb deleted file mode 100644 index e8a77b146fa..00000000000 --- a/config/initializers/plantuml_lexer.rb +++ /dev/null @@ -1,2 +0,0 @@ -# Touch the lexers so it is registered with Rouge -Rouge::Lexers::Plantuml diff --git a/config/initializers/postgresql_cte.rb b/config/initializers/postgresql_cte.rb index 7f0df8949db..38a9cd68d57 100644 --- a/config/initializers/postgresql_cte.rb +++ b/config/initializers/postgresql_cte.rb @@ -61,11 +61,13 @@ module ActiveRecord def with_values=(values) raise ImmutableRelation if @loaded + @values[:with] = values end def recursive_value=(value) raise ImmutableRelation if @loaded + @values[:recursive] = value end diff --git a/config/initializers/rack_attack_global.rb b/config/initializers/rack_attack_global.rb new file mode 100644 index 00000000000..9453df2ec5a --- /dev/null +++ b/config/initializers/rack_attack_global.rb @@ -0,0 +1,61 @@ +module Gitlab::Throttle + def self.settings + Gitlab::CurrentSettings.current_application_settings + end + + def self.unauthenticated_options + limit_proc = proc { |req| settings.throttle_unauthenticated_requests_per_period } + period_proc = proc { |req| settings.throttle_unauthenticated_period_in_seconds.seconds } + { limit: limit_proc, period: period_proc } + end + + def self.authenticated_api_options + limit_proc = proc { |req| settings.throttle_authenticated_api_requests_per_period } + period_proc = proc { |req| settings.throttle_authenticated_api_period_in_seconds.seconds } + { limit: limit_proc, period: period_proc } + end + + def self.authenticated_web_options + limit_proc = proc { |req| settings.throttle_authenticated_web_requests_per_period } + period_proc = proc { |req| settings.throttle_authenticated_web_period_in_seconds.seconds } + { limit: limit_proc, period: period_proc } + end +end + +class Rack::Attack + throttle('throttle_unauthenticated', Gitlab::Throttle.unauthenticated_options) do |req| + Gitlab::Throttle.settings.throttle_unauthenticated_enabled && + req.unauthenticated? && + req.ip + end + + throttle('throttle_authenticated_api', Gitlab::Throttle.authenticated_api_options) do |req| + Gitlab::Throttle.settings.throttle_authenticated_api_enabled && + req.api_request? && + req.authenticated_user_id + end + + throttle('throttle_authenticated_web', Gitlab::Throttle.authenticated_web_options) do |req| + Gitlab::Throttle.settings.throttle_authenticated_web_enabled && + req.web_request? && + req.authenticated_user_id + end + + class Request + def unauthenticated? + !authenticated_user_id + end + + def authenticated_user_id + Gitlab::Auth::RequestAuthenticator.new(self).user&.id + end + + def api_request? + path.start_with?('/api') + end + + def web_request? + !api_request? + end + end +end diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb index a1cc9655319..ba4481ae602 100644 --- a/config/initializers/sidekiq.rb +++ b/config/initializers/sidekiq.rb @@ -64,13 +64,13 @@ end # The Sidekiq client API always adds the queue to the Sidekiq queue # list, but mail_room and gitlab-shell do not. This is only necessary # for monitoring. -config = YAML.load_file(Rails.root.join('config', 'sidekiq_queues.yml').to_s) - begin + queues = Gitlab::SidekiqConfig.worker_queues + Sidekiq.redis do |conn| conn.pipelined do - config[:queues].each do |queue| - conn.sadd('queues', queue[0]) + queues.each do |queue| + conn.sadd('queues', queue) end end end diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml index 0da6b14c29e..b1c71095d4f 100644 --- a/config/locales/doorkeeper.en.yml +++ b/config/locales/doorkeeper.en.yml @@ -62,7 +62,15 @@ en: read_user: Read the authenticated user's personal information openid: Authenticate using OpenID Connect sudo: Perform API actions as any user in the system (if the authenticated user is an admin) - + scope_desc: + api: + Full access to GitLab as the user, including read/write on all their groups and projects + read_user: + Read-only access to the user's profile information, like username, public email and full name + openid: + The ability to authenticate using GitLab, and read-only access to the user's profile information + sudo: + Access to the Sudo feature, to perform API actions as any user in the system (only available for admins) flash: applications: create: diff --git a/config/prometheus/additional_metrics.yml b/config/prometheus/additional_metrics.yml index 190eeb59a2c..601a86490d4 100644 --- a/config/prometheus/additional_metrics.yml +++ b/config/prometheus/additional_metrics.yml @@ -145,7 +145,7 @@ - container_memory_usage_bytes weight: 1 queries: - - query_range: '(sum(container_memory_usage_bytes{container_name!="POD",environment="%{ci_environment_slug}"}) / count(container_memory_usage_bytes{container_name!="POD",environment="%{ci_environment_slug}"})) /1024/1024' + - query_range: '(sum(avg(container_memory_usage_bytes{container_name!="POD",environment="%{ci_environment_slug}"}) without (job))) / count(avg(container_memory_usage_bytes{container_name!="POD",environment="%{ci_environment_slug}"}) without (job)) /1024/1024' label: Average unit: MB - title: "CPU Utilization" @@ -154,8 +154,6 @@ - container_cpu_usage_seconds_total weight: 1 queries: - - query_range: 'sum(rate(container_cpu_usage_seconds_total{container_name!="POD",environment="%{ci_environment_slug}"}[2m])) * 100' - label: CPU - unit: "%" - series: - - label: cpu + - query_range: 'sum(avg(rate(container_cpu_usage_seconds_total{container_name!="POD",environment="%{ci_environment_slug}"}[2m])) without (job)) * 100' + label: Average + unit: "%"
\ No newline at end of file diff --git a/config/routes.rb b/config/routes.rb index fc13dc4865f..016140e0ede 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -42,6 +42,7 @@ Rails.application.routes.draw do scope path: '-' do get 'liveness' => 'health#liveness' get 'readiness' => 'health#readiness' + post 'storage_check' => 'health#storage_check' resources :metrics, only: [:index] mount Peek::Railtie => '/peek' @@ -100,7 +101,5 @@ Rails.application.routes.draw do root to: "root#index" - draw :test if Rails.env.test? - get '*unmatched_route', to: 'application#route_not_found' end diff --git a/config/routes/admin.rb b/config/routes/admin.rb index c0748231813..e22fb440abc 100644 --- a/config/routes/admin.rb +++ b/config/routes/admin.rb @@ -97,7 +97,7 @@ namespace :admin do resource :appearances, only: [:show, :create, :update], path: 'appearance' do member do - get :preview + get :preview_sign_in delete :logo delete :header_logos end diff --git a/config/routes/group.rb b/config/routes/group.rb index db99e10bb9a..976837a246d 100644 --- a/config/routes/group.rb +++ b/config/routes/group.rb @@ -49,6 +49,12 @@ constraints(GroupUrlConstrainer.new) do post :resend_invite, on: :member delete :leave, on: :collection end + + resources :uploads, only: [:create] do + collection do + get ":secret/:filename", action: :show, as: :show, constraints: { filename: /[^\/]+/ } + end + end end scope(path: '*id', diff --git a/config/routes/project.rb b/config/routes/project.rb index bdafaba3ab3..093da10f57f 100644 --- a/config/routes/project.rb +++ b/config/routes/project.rb @@ -183,10 +183,16 @@ constraints(ProjectUrlConstrainer.new) do end end - resources :clusters, except: [:edit] do + resources :clusters, except: [:edit, :create] do collection do - get :login - get '/providers/gcp/new', action: :new_gcp + scope :providers do + get '/user/new', to: 'clusters/user#new' + post '/user', to: 'clusters/user#create' + + get '/gcp/new', to: 'clusters/gcp#new' + get '/gcp/login', to: 'clusters/gcp#login' + post '/gcp', to: 'clusters/gcp#create' + end end member do @@ -429,7 +435,7 @@ constraints(ProjectUrlConstrainer.new) do get :download_export get :activity get :refs - put :new_issue_address + put :new_issuable_address end end end diff --git a/config/routes/test.rb b/config/routes/test.rb deleted file mode 100644 index ac477cdbbbc..00000000000 --- a/config/routes/test.rb +++ /dev/null @@ -1,2 +0,0 @@ -get '/unicorn_test/pid' => 'unicorn_test#pid' -post '/unicorn_test/kill' => 'unicorn_test#kill' diff --git a/config/sidekiq_queues.yml b/config/sidekiq_queues.yml index 41b78bad8cc..e059d7c11e0 100644 --- a/config/sidekiq_queues.yml +++ b/config/sidekiq_queues.yml @@ -28,6 +28,7 @@ - [build, 2] - [pipeline, 2] - [pipeline_processing, 5] + - [pipeline_creation, 4] - [pipeline_default, 3] - [pipeline_cache, 3] - [pipeline_hooks, 2] @@ -40,6 +41,8 @@ - [upload_checksum, 1] - [repository_fork, 1] - [repository_import, 1] + - [github_importer, 1] + - [github_importer_advance_stage, 1] - [project_service, 1] - [delete_user, 1] - [delete_merged_branches, 1] diff --git a/config/svg.config.js b/config/svg.config.js index be72741abec..bb27f0caeef 100644 --- a/config/svg.config.js +++ b/config/svg.config.js @@ -2,8 +2,8 @@ const path = require('path'); const fs = require('fs'); -const sourcePath = path.join('node_modules', 'gitlab-svgs', 'dist'); -const sourcePathIllustrations = path.join('node_modules', 'gitlab-svgs', 'dist', 'illustrations'); +const sourcePath = path.join('node_modules', '@gitlab-org/gitlab-svgs', 'dist'); +const sourcePathIllustrations = path.join('node_modules', '@gitlab-org/gitlab-svgs', 'dist', 'illustrations'); const destPath = path.normalize(path.join('app', 'assets', 'images')); // Actual Task copying the 2 files + all illustrations diff --git a/config/webpack.config.js b/config/webpack.config.js index 67d7cae3ccf..78ced4c3e8c 100644 --- a/config/webpack.config.js +++ b/config/webpack.config.js @@ -108,10 +108,6 @@ var config = { loader: 'vue-loader', }, { - test: /\.ts$/, - loader: 'ts-loader', - }, - { test: /\.svg$/, loader: 'raw-loader', }, @@ -121,6 +117,10 @@ var config = { options: { limit: 2048 }, }, { + test: /\_worker\.js$/, + loader: 'worker-loader', + }, + { test: /\.(worker(\.min)?\.js|pdf|bmpr)$/, exclude: /node_modules/, loader: 'file-loader', @@ -256,7 +256,7 @@ var config = { ], resolve: { - extensions: ['.js', '.ts'], + extensions: ['.js'], alias: { '~': path.join(ROOT_PATH, 'app/assets/javascripts'), 'emojis': path.join(ROOT_PATH, 'fixtures/emojis'), |