
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2022-12-14 06:07:29 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2022-12-14 06:07:29 +0300
commit1103945ed4f3e430b8029b4a7893e214dfe289fb (patch)
tree5bd67830842c9d8f964a09f3a601581efdb0c358
parentdbfcd56fcbb4e148920094ab004ed175468911c3 (diff)
Add latest changes from gitlab-org/gitlab@master
-rw-r--r--app/assets/javascripts/vue_merge_request_widget/components/extensions/child_content.vue7
-rw-r--r--app/assets/javascripts/vue_merge_request_widget/extensions/code_quality/index.js4
-rw-r--r--app/assets/javascripts/work_items/components/work_item_description_rendered.vue2
-rw-r--r--danger/plugins/user_types.rb9
-rw-r--r--danger/user_types/Dangerfile3
-rw-r--r--data/deprecations/14-8-graphql-ids.yml2
-rw-r--r--data/deprecations/15-6-deprecate-post-api-v4-runner.yml2
-rw-r--r--data/deprecations/15-6-deprecate-runner-reg-token-helm.yml2
-rw-r--r--data/deprecations/15-6-deprecate-runner-register-command.yml2
-rw-r--r--data/deprecations/15-6-deprecate-runner-register-token-k8s-operator.yml2
-rw-r--r--data/deprecations/15-7-deprecate-dast-zap-variables.yml13
-rw-r--r--data/deprecations/15-8-dast-report-variables-deprecation.yml13
-rw-r--r--data/deprecations/16-0-post-ci-lint.yml4
-rw-r--r--doc/development/feature_flags/controls.md6
-rw-r--r--doc/update/deprecations.md44
-rw-r--r--doc/user/application_security/dast/authentication.md2
-rw-r--r--doc/user/application_security/dast/browser_based.md6
-rw-r--r--doc/user/application_security/dast/proxy-based.md10
-rw-r--r--lib/tasks/gitlab/info.rake8
-rw-r--r--spec/features/projects_spec.rb2
-rw-r--r--spec/frontend/vue_merge_request_widget/extentions/code_quality/index_spec.js12
-rw-r--r--spec/support/database/query_recorder.rb8
-rw-r--r--spec/tooling/danger/user_types_spec.rb56
-rw-r--r--tooling/danger/user_types.rb31
24 files changed, 218 insertions, 32 deletions
diff --git a/app/assets/javascripts/vue_merge_request_widget/components/extensions/child_content.vue b/app/assets/javascripts/vue_merge_request_widget/components/extensions/child_content.vue
index fba16d3c1d6..fa369d23b6c 100644
--- a/app/assets/javascripts/vue_merge_request_widget/components/extensions/child_content.vue
+++ b/app/assets/javascripts/vue_merge_request_widget/components/extensions/child_content.vue
@@ -98,7 +98,12 @@ export default {
<div v-if="data.supportingText">
<p v-safe-html="generateText(data.supportingText)" class="gl-m-0"></p>
</div>
- <gl-badge v-if="data.badge" :variant="data.badge.variant || 'info'">
+ <gl-badge
+ v-if="data.badge"
+ :variant="data.badge.variant || 'info'"
+ size="sm"
+ class="gl-ml-2"
+ >
{{ data.badge.text }}
</gl-badge>
</div>
diff --git a/app/assets/javascripts/vue_merge_request_widget/extensions/code_quality/index.js b/app/assets/javascripts/vue_merge_request_widget/extensions/code_quality/index.js
index 6924279ffaf..fd28df2fa38 100644
--- a/app/assets/javascripts/vue_merge_request_widget/extensions/code_quality/index.js
+++ b/app/assets/javascripts/vue_merge_request_widget/extensions/code_quality/index.js
@@ -102,6 +102,10 @@ export default {
icon: {
name: SEVERITY_ICONS_MR_WIDGET[e.severity],
},
+ badge: {
+ variant: 'neutral',
+ text: s__(`ciReport|Fixed`),
+ },
});
});
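Review bot: The `text` value of the added `badge` passes a backtick template literal with nothing interpolated to `s__`, while `variant: 'neutral'` one line up uses a quoted string. `text: s__('ciReport|Fixed'),` is the plainer form and leaves no doubt about how translation-string extraction treats the argument. The enclosing callback starts outside the hunk, so whether every item built here is actually a fixed finding cannot be confirmed from these lines.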
diff --git a/app/assets/javascripts/work_items/components/work_item_description_rendered.vue b/app/assets/javascripts/work_items/components/work_item_description_rendered.vue
index 4e9ebef289e..2d1dcfaf0e5 100644
--- a/app/assets/javascripts/work_items/components/work_item_description_rendered.vue
+++ b/app/assets/javascripts/work_items/components/work_item_description_rendered.vue
@@ -95,7 +95,7 @@ export default {
<template>
<div class="gl-mb-5 gl-border-t gl-pt-5">
- <div class="gl-display-inline-flex gl-align-items-center gl-mb-5">
+ <div class="gl-display-inline-flex gl-align-items-center gl-mb-3">
<label class="d-block col-form-label gl-mr-5">{{ __('Description') }}</label>
<gl-button
v-if="canEdit"
diff --git a/danger/plugins/user_types.rb b/danger/plugins/user_types.rb
new file mode 100644
index 00000000000..4f7dd572224
--- /dev/null
+++ b/danger/plugins/user_types.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require_relative '../../tooling/danger/user_types'
+
+module Danger
+ class UserTypes < ::Danger::Plugin
+ include Tooling::Danger::UserTypes
+ end
+end
diff --git a/danger/user_types/Dangerfile b/danger/user_types/Dangerfile
new file mode 100644
index 00000000000..4b7ab1dbe39
--- /dev/null
+++ b/danger/user_types/Dangerfile
@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+user_types.bot_user_types_change_warning
diff --git a/data/deprecations/14-8-graphql-ids.yml b/data/deprecations/14-8-graphql-ids.yml
index 344e7a8cef5..599748652f6 100644
--- a/data/deprecations/14-8-graphql-ids.yml
+++ b/data/deprecations/14-8-graphql-ids.yml
@@ -2,7 +2,7 @@
announcement_milestone: "14.8"
announcement_date: "2022-02-22"
removal_milestone: "15.0"
- removal_date: "2022-04-22"
+ removal_date: "2022-05-22"
breaking_change: true
reporter: alexkalderimis
body: | # Do not modify this line, instead modify the lines below.
diff --git a/data/deprecations/15-6-deprecate-post-api-v4-runner.yml b/data/deprecations/15-6-deprecate-post-api-v4-runner.yml
index 3bdd9cb7dc1..07590296096 100644
--- a/data/deprecations/15-6-deprecate-post-api-v4-runner.yml
+++ b/data/deprecations/15-6-deprecate-post-api-v4-runner.yml
@@ -2,7 +2,7 @@
announcement_milestone: "15.6" # (required) The milestone when this feature was first announced as deprecated.
announcement_date: "2022-11-22" # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
removal_milestone: "17.0" # (required) The milestone when this feature is planned to be removed
- removal_date: "2024-04-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+ removal_date: "2024-05-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
breaking_change: true # (required) If this deprecation is a breaking change, set this value to true
reporter: pedropombeiro # (required) GitLab username of the person reporting the deprecation
stage: Verify # (required) String value of the stage that the feature was created in. e.g., Growth
diff --git a/data/deprecations/15-6-deprecate-runner-reg-token-helm.yml b/data/deprecations/15-6-deprecate-runner-reg-token-helm.yml
index 60dd6d86cd6..f93ffb05014 100644
--- a/data/deprecations/15-6-deprecate-runner-reg-token-helm.yml
+++ b/data/deprecations/15-6-deprecate-runner-reg-token-helm.yml
@@ -2,7 +2,7 @@
announcement_milestone: "15.6" # (required) The milestone when this feature was first announced as deprecated.
announcement_date: "2022-11-22" # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
removal_milestone: "17.0" # (required) The milestone when this feature is planned to be removed
- removal_date: "2024-04-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+ removal_date: "2024-05-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
breaking_change: true # (required) If this deprecation is a breaking change, set this value to true
reporter: pedropombeiro # (required) GitLab username of the person reporting the deprecation
stage: Verify # (required) String value of the stage that the feature was created in. e.g., Growth
diff --git a/data/deprecations/15-6-deprecate-runner-register-command.yml b/data/deprecations/15-6-deprecate-runner-register-command.yml
index 3eb26dd6d63..d2633ffacc9 100644
--- a/data/deprecations/15-6-deprecate-runner-register-command.yml
+++ b/data/deprecations/15-6-deprecate-runner-register-command.yml
@@ -2,7 +2,7 @@
announcement_milestone: "15.6" # (required) The milestone when this feature was first announced as deprecated.
announcement_date: "2022-11-22" # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
removal_milestone: "17.0" # (required) The milestone when this feature is planned to be removed
- removal_date: "2024-04-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+ removal_date: "2024-05-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
breaking_change: true # (required) If this deprecation is a breaking change, set this value to true
reporter: pedropombeiro # (required) GitLab username of the person reporting the deprecation
stage: Verify # (required) String value of the stage that the feature was created in. e.g., Growth
diff --git a/data/deprecations/15-6-deprecate-runner-register-token-k8s-operator.yml b/data/deprecations/15-6-deprecate-runner-register-token-k8s-operator.yml
index 308843fdfa7..ec128c1aad1 100644
--- a/data/deprecations/15-6-deprecate-runner-register-token-k8s-operator.yml
+++ b/data/deprecations/15-6-deprecate-runner-register-token-k8s-operator.yml
@@ -2,7 +2,7 @@
announcement_milestone: "15.6" # (required) The milestone when this feature was first announced as deprecated.
announcement_date: "2022-11-22" # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
removal_milestone: "17.0" # (required) The milestone when this feature is planned to be removed
- removal_date: "2024-04-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+ removal_date: "2024-05-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
breaking_change: true # (required) If this deprecation is a breaking change, set this value to true
reporter: ratchade # (required) GitLab username of the person reporting the deprecation
stage: Verify # (required) String value of the stage that the feature was created in. e.g., Growth
diff --git a/data/deprecations/15-7-deprecate-dast-zap-variables.yml b/data/deprecations/15-7-deprecate-dast-zap-variables.yml
new file mode 100644
index 00000000000..764d74b00bb
--- /dev/null
+++ b/data/deprecations/15-7-deprecate-dast-zap-variables.yml
@@ -0,0 +1,13 @@
+- title: "DAST ZAP advanced configuration variables deprecation" # (required) Actionable title. e.g., The `confidential` field for a `Note` is deprecated. Use `internal` instead.
+ announcement_milestone: "15.7" # (required) The milestone when this feature was first announced as deprecated.
+ announcement_date: "2022-12-22" # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+ removal_milestone: "16.0" # (required) The milestone when this feature is planned to be removed
+ removal_date: "2023-05-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+ breaking_change: true # (required) If this deprecation is a breaking change, set this value to true
+ reporter: derekferguson # (required) GitLab username of the person reporting the deprecation
+ stage: Secure # (required) String value of the stage that the feature was created in. e.g., Growth
+ issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/383467 # (required) Link to the deprecation issue in GitLab
+ body: | # (required) Do not modify this line, instead modify the lines below.
+ With the new browser-based DAST analyzer GA in GitLab 15.7, we are working towards making it the default DAST analyzer at some point in the future. In preparation for this, the following legacy DAST variables are being deprecated and scheduled for removal in GitLab 16.0: `DAST_ZAP_CLI_OPTIONS` and `DAST_ZAP_LOG_CONFIGURATION`. These variables allowed for advanced configuration of the legacy DAST analyzer, which was based on OWASP ZAP. The new browser-based analyzer will not include the same functionality, as these were specific to how ZAP worked.
+
+ These three variables will be removed in GitLab 16.0.
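Review bot: The closing sentence of `body` says "These three variables will be removed in GitLab 16.0", but the paragraph above names only two, `DAST_ZAP_CLI_OPTIONS` and `DAST_ZAP_LOG_CONFIGURATION`. It reads as carried over from the report-variables entry, which does list three. The line should be `These two variables will be removed in GitLab 16.0.` The same sentence appears in the `doc/update/deprecations.md` hunk under "DAST ZAP advanced configuration variables deprecation". That page looks generated from this data, so it should presumably be regenerated after the fix rather than edited by hand.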
diff --git a/data/deprecations/15-8-dast-report-variables-deprecation.yml b/data/deprecations/15-8-dast-report-variables-deprecation.yml
new file mode 100644
index 00000000000..21416e0d009
--- /dev/null
+++ b/data/deprecations/15-8-dast-report-variables-deprecation.yml
@@ -0,0 +1,13 @@
+- title: "DAST report variables deprecation" # (required) Actionable title. e.g., The `confidential` field for a `Note` is deprecated. Use `internal` instead.
+ announcement_milestone: "15.7" # (required) The milestone when this feature was first announced as deprecated.
+ announcement_date: "2022-12-22" # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+ removal_milestone: "16.0" # (required) The milestone when this feature is planned to be removed
+ removal_date: "2023-05-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+ breaking_change: true # (required) If this deprecation is a breaking change, set this value to true
+ reporter: derekferguson # (required) GitLab username of the person reporting the deprecation
+ stage: Secure # (required) String value of the stage that the feature was created in. e.g., Growth
+ issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/384340 # (required) Link to the deprecation issue in GitLab
+ body: | # (required) Do not modify this line, instead modify the lines below.
+ With the new browser-based DAST analyzer GA in GitLab 15.7, we are working towards making it the default DAST analyzer at some point in the future. In preparation for this, the following legacy DAST variables are being deprecated and scheduled for removal in GitLab 16.0: `DAST_HTML_REPORT`, `DAST_XML_REPORT`, and `DAST_MARKDOWN_REPORT`. These reports relied on the legacy DAST analyzer and we do not plan to implement them in the new browser-based analyzer. As of GitLab 16.0, these report artifacts will no longer be generated.
+
+ These three variables will be removed in GitLab 16.0.
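Review bot: The file is named `15-8-dast-report-variables-deprecation.yml`, but `announcement_milestone` is "15.7" and `announcement_date` is "2022-12-22". The sibling file added in this commit with the same milestone is named `15-7-deprecate-dast-zap-variables.yml`. If the prefix is meant to track the announcement milestone, renaming this file to a `15-7-` prefix would keep the two entries consistent. If the `15-8` is deliberate, a short comment at the top of the file saying why would help the next editor.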
diff --git a/data/deprecations/16-0-post-ci-lint.yml b/data/deprecations/16-0-post-ci-lint.yml
index cb2570ee255..3bea4201bc0 100644
--- a/data/deprecations/16-0-post-ci-lint.yml
+++ b/data/deprecations/16-0-post-ci-lint.yml
@@ -18,9 +18,9 @@
#
- title: "`POST ci/lint` API endpoint deprecated" # (required) The name of the feature to be deprecated
announcement_milestone: "15.7" # (required) The milestone when this feature was first announced as deprecated.
- announcement_date: "2022-11-22" # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+ announcement_date: "2022-12-22" # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
removal_milestone: "16.0" # (required) The milestone when this feature is planned to be removed
- removal_date: 2021-03-22 # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+ removal_date: "2023-05-22" # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
breaking_change: true # (required) If this deprecation is a breaking change, set this value to true
reporter: dhershkovitch # (required) GitLab username of the person reporting the deprecation
stage: verify # (required) String value of the stage that the feature was created in. e.g., Growth
diff --git a/doc/development/feature_flags/controls.md b/doc/development/feature_flags/controls.md
index 829372ce836..3e6491a92b5 100644
--- a/doc/development/feature_flags/controls.md
+++ b/doc/development/feature_flags/controls.md
@@ -67,10 +67,8 @@ a (very) rough estimate of how your feature will look and behave on GitLab.com.
Both of these instances are connected to Sentry so make sure you check the projects
there for any exceptions while testing your feature after enabling the feature flag.
-For these pre-production environments, the commands should be run in a
-Slack channel for the stage the feature is relevant to. For example, use the
-`#s_monitor` channel for features developed by the Monitor stage, Health
-group.
+For these pre-production environments, it's strongly encouraged to run the command in
+`#staging`, `#production`, or `#chatops-ops-test`, for improved visibility.
To enable a feature for 25% of the time, run the following in Slack:
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index 9e580d93609..f117baa849c 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -86,6 +86,38 @@ These two variables will be removed in GitLab 16.0.
<div class="deprecation removal-160 breaking-change">
+### DAST ZAP advanced configuration variables deprecation
+
+Planned removal: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)
+
+WARNING:
+This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+Review the details carefully before upgrading.
+
+With the new browser-based DAST analyzer GA in GitLab 15.7, we are working towards making it the default DAST analyzer at some point in the future. In preparation for this, the following legacy DAST variables are being deprecated and scheduled for removal in GitLab 16.0: `DAST_ZAP_CLI_OPTIONS` and `DAST_ZAP_LOG_CONFIGURATION`. These variables allowed for advanced configuration of the legacy DAST analyzer, which was based on OWASP ZAP. The new browser-based analyzer will not include the same functionality, as these were specific to how ZAP worked.
+
+These three variables will be removed in GitLab 16.0.
+
+</div>
+
+<div class="deprecation removal-160 breaking-change">
+
+### DAST report variables deprecation
+
+Planned removal: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)
+
+WARNING:
+This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
+Review the details carefully before upgrading.
+
+With the new browser-based DAST analyzer GA in GitLab 15.7, we are working towards making it the default DAST analyzer at some point in the future. In preparation for this, the following legacy DAST variables are being deprecated and scheduled for removal in GitLab 16.0: `DAST_HTML_REPORT`, `DAST_XML_REPORT`, and `DAST_MARKDOWN_REPORT`. These reports relied on the legacy DAST analyzer and we do not plan to implement them in the new browser-based analyzer. As of GitLab 16.0, these report artifacts will no longer be generated.
+
+These three variables will be removed in GitLab 16.0.
+
+</div>
+
+<div class="deprecation removal-160 breaking-change">
+
### KAS Metrics Port in GitLab Helm Chart
End of Support: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)<br />
@@ -191,7 +223,7 @@ and will be moved to the JiHu GitLab codebase.
### `POST ci/lint` API endpoint deprecated
-Planned removal: GitLab <span class="removal-milestone">16.0</span> (2021-03-22)
+Planned removal: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)
WARNING:
This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
@@ -226,7 +258,7 @@ From GitLab 13.6, users can [specify any runner configuration in the GitLab Runn
### GitLab Runner registration token in Runner Operator
End of Support: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)<br />
-Planned removal: GitLab <span class="removal-milestone">17.0</span> (2024-04-22)
+Planned removal: GitLab <span class="removal-milestone">17.0</span> (2024-05-22)
WARNING:
This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
@@ -241,7 +273,7 @@ The [`runner-registration-token`](https://docs.gitlab.com/runner/install/operato
### Registration tokens and server-side runner arguments in `POST /api/v4/runners` endpoint
End of Support: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)<br />
-Planned removal: GitLab <span class="removal-milestone">17.0</span> (2024-04-22)
+Planned removal: GitLab <span class="removal-milestone">17.0</span> (2024-05-22)
WARNING:
This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
@@ -265,7 +297,7 @@ From GitLab 17.0 and later, the runner registration methods implemented by the n
### Registration tokens and server-side runner arguments in `gitlab-runner register` command
End of Support: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)<br />
-Planned removal: GitLab <span class="removal-milestone">17.0</span> (2024-04-22)
+Planned removal: GitLab <span class="removal-milestone">17.0</span> (2024-05-22)
WARNING:
This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
@@ -286,7 +318,7 @@ to the `gitlab-runner register` command.
### `runnerRegistrationToken` parameter for GitLab Runner Helm Chart
End of Support: GitLab <span class="removal-milestone">16.0</span> (2023-05-22)<br />
-Planned removal: GitLab <span class="removal-milestone">17.0</span> (2024-04-22)
+Planned removal: GitLab <span class="removal-milestone">17.0</span> (2024-05-22)
WARNING:
This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
@@ -1159,7 +1191,7 @@ status value can be used in place of `active` since GitLab 14.8.
### GraphQL ID and GlobalID compatibility
-Planned removal: GitLab <span class="removal-milestone">15.0</span> (2022-04-22)
+Planned removal: GitLab <span class="removal-milestone">15.0</span> (2022-05-22)
WARNING:
This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/).
diff --git a/doc/user/application_security/dast/authentication.md b/doc/user/application_security/dast/authentication.md
index a240a496bab..d4f91639dbc 100644
--- a/doc/user/application_security/dast/authentication.md
+++ b/doc/user/application_security/dast/authentication.md
@@ -345,6 +345,8 @@ information, configure the [authentication report](#configure-the-authentication
For more information about particular error messages or situations see [known problems](#known-problems).
+The browser-based analyzer is used to authenticate the user. For advanced troubleshooting, see [browser-based troubleshooting](browser_based_troubleshooting.md).
+
### Read the logs
The console output of the DAST CI/CD job shows information about the authentication process using the `AUTH` log module.
diff --git a/doc/user/application_security/dast/browser_based.md b/doc/user/application_security/dast/browser_based.md
index 97f80313d3e..2425351c45b 100644
--- a/doc/user/application_security/dast/browser_based.md
+++ b/doc/user/application_security/dast/browser_based.md
@@ -276,7 +276,7 @@ dast:
NOTE:
Adjusting these values may impact scan time because they adjust how long each browser waits for various activities to complete.
-### Artifacts
+## Artifacts
Using the latest version of the DAST [template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml) these artifacts are exposed for download by default.
@@ -285,3 +285,7 @@ The list of artifacts includes the following files:
- `gl-dast-debug-auth-report.html`
- `gl-dast-debug-crawl-report.html`
- `gl-dast-crawl-graph.svg`
+
+## Troubleshooting
+
+See [troubleshooting](browser_based_troubleshooting.md) for more information.
diff --git a/doc/user/application_security/dast/proxy-based.md b/doc/user/application_security/dast/proxy-based.md
index 7161736ea3e..fc78018bdad 100644
--- a/doc/user/application_security/dast/proxy-based.md
+++ b/doc/user/application_security/dast/proxy-based.md
@@ -369,9 +369,9 @@ including a large number of false positives.
| `DAST_EXCLUDE_URLS` <sup>1</sup> | URLs | The URLs to skip during the authenticated scan; comma-separated. Regular expression syntax can be used to match multiple URLs. For example, `.*` matches an arbitrary character sequence. Example, `http://example.com/sign-out`. |
| `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` | boolean | **{warning}** **[Removed](https://gitlab.com/gitlab-org/gitlab/-/issues/293595)** in GitLab 14.0. Set to `true` to require domain validation when running DAST full scans. Default: `false` |
| `DAST_FULL_SCAN_ENABLED` <sup>1</sup> | boolean | Set to `true` to run a [ZAP Full Scan](https://github.com/zaproxy/zaproxy/wiki/ZAP-Full-Scan) instead of a [ZAP Baseline Scan](https://github.com/zaproxy/zaproxy/wiki/ZAP-Baseline-Scan). Default: `false` |
-| `DAST_HTML_REPORT` | string | The filename of the HTML report written at the end of a scan. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12652) in GitLab 13.1. |
+| `DAST_HTML_REPORT` | string | **{warning}** **[Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/384340)** in GitLab 15.7. The filename of the HTML report written at the end of a scan. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12652) in GitLab 13.1. |
| `DAST_INCLUDE_ALPHA_VULNERABILITIES` | boolean | Set to `true` to include alpha passive and active scan rules. Default: `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12652) in GitLab 13.1. |
-| `DAST_MARKDOWN_REPORT` | string | The filename of the Markdown report written at the end of a scan. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12652) in GitLab 13.1. |
+| `DAST_MARKDOWN_REPORT` | string | **{warning}** **[Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/384340)** in GitLab 15.7. The filename of the Markdown report written at the end of a scan. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12652) in GitLab 13.1. |
| `DAST_MASK_HTTP_HEADERS` | string | Comma-separated list of request and response headers to be masked (GitLab 13.1). Must contain **all** headers to be masked. Refer to [list of headers that are masked by default](#hide-sensitive-information). |
| `DAST_MAX_URLS_PER_VULNERABILITY` | number | The maximum number of URLs reported for a single vulnerability. `DAST_MAX_URLS_PER_VULNERABILITY` is set to `50` by default. To list all the URLs set to `0`. [Introduced](https://gitlab.com/gitlab-org/security-products/dast/-/merge_requests/433) in GitLab 13.12. |
| `DAST_ONLY_INCLUDE_RULES` | string | Set to a comma-separated list of Vulnerability Rule IDs to configure the scan to run only them. Rule IDs are numbers and can be found from the DAST log or on the [ZAP project](https://www.zaproxy.org/docs/alerts/). Cannot be used when `DAST_EXCLUDE_RULES` is set. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/250651) in GitLab 13.12. |
@@ -385,10 +385,10 @@ including a large number of false positives.
| `DAST_SPIDER_START_AT_HOST` | boolean | Set to `false` to prevent DAST from resetting the target to its host before scanning. When `true`, non-host targets `http://test.site/some_path` is reset to `http://test.site` before scan. Default: `true`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/258805) in GitLab 13.6. |
| `DAST_TARGET_AVAILABILITY_TIMEOUT` <sup>1</sup> | number | Time limit in seconds to wait for target availability. |
| `DAST_USE_AJAX_SPIDER` <sup>1</sup> | boolean | Set to `true` to use the AJAX spider in addition to the traditional spider, useful for crawling sites that require JavaScript. Default: `false`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12652) in GitLab 13.1. |
-| `DAST_XML_REPORT` | string | The filename of the XML report written at the end of a scan. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12652) in GitLab 13.1. |
+| `DAST_XML_REPORT` | string | **{warning}** **[Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/384340)** in GitLab 15.7. The filename of the XML report written at the end of a scan. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12652) in GitLab 13.1. |
| `DAST_WEBSITE` <sup>1</sup> | URL | The URL of the website to scan. |
-| `DAST_ZAP_CLI_OPTIONS` | string | ZAP server command-line options. For example, `-Xmx3072m` would set the Java maximum memory allocation pool size. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12652) in GitLab 13.1. |
-| `DAST_ZAP_LOG_CONFIGURATION` | string | Set to a semicolon-separated list of additional log4j properties for the ZAP Server. Example: `logger.httpsender.name=org.parosproxy.paros.network.HttpSender;logger.httpsender.level=debug;logger.sitemap.name=org.parosproxy.paros.model.SiteMap;logger.sitemap.level=debug;` |
+| `DAST_ZAP_CLI_OPTIONS` | string | **{warning}** **[Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/383467)** in GitLab 15.7. ZAP server command-line options. For example, `-Xmx3072m` would set the Java maximum memory allocation pool size. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/12652) in GitLab 13.1. |
+| `DAST_ZAP_LOG_CONFIGURATION` | string | **{warning}** **[Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/383467)** in GitLab 15.7. Set to a semicolon-separated list of additional log4j properties for the ZAP Server. Example: `logger.httpsender.name=org.parosproxy.paros.network.HttpSender;logger.httpsender.level=debug;logger.sitemap.name=org.parosproxy.paros.model.SiteMap;logger.sitemap.level=debug;` |
| `SECURE_ANALYZERS_PREFIX` | URL | Set the Docker registry base address from which to download the analyzer. |
1. Available to an on-demand DAST scan.
diff --git a/lib/tasks/gitlab/info.rake b/lib/tasks/gitlab/info.rake
index 161c7dd38ac..4f7053b7629 100644
--- a/lib/tasks/gitlab/info.rake
+++ b/lib/tasks/gitlab/info.rake
@@ -85,11 +85,9 @@ namespace :gitlab do
puts ""
puts "GitLab Shell".color(:yellow)
puts "Version:\t#{Gitlab::Shell.version || "unknown".color(:red)}"
- puts "Repository storage paths:"
- Gitlab::GitalyClient::StorageSettings.allow_disk_access do
- Gitlab.config.repositories.storages.each do |name, repository_storage|
- puts "- #{name}: \t#{repository_storage.legacy_disk_path}"
- end
+ puts "Repository storages:"
+ Gitlab.config.repositories.storages.each do |name, repository_storage|
+ puts "- #{name}: \t#{repository_storage.gitaly_address}"
end
puts "GitLab Shell path:\t\t#{Gitlab.config.gitlab_shell.path}"
end
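Review bot: The storages loop now prints `repository_storage.gitaly_address` for every storage, and the output of this info task is presumably the kind of text that gets pasted into bug reports, so it may now carry internal Gitaly host names and ports where it used to carry local disk paths. If that is intended, a comment above the loop such as `# Prints Gitaly endpoints; may include internal host names, review before sharing the output` would make it explicit. It is also worth confirming how `gitaly_address` behaves for a storage with no address configured, since an exception there would abort the rest of the task; the accessor is defined outside this hunk.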
diff --git a/spec/features/projects_spec.rb b/spec/features/projects_spec.rb
index 047e4dcf5dc..701dcebb0f3 100644
--- a/spec/features/projects_spec.rb
+++ b/spec/features/projects_spec.rb
@@ -329,7 +329,7 @@ RSpec.describe 'Project', feature_category: :projects do
it 'has working links to submodules' do
click_link('645f6c4c')
- expect(page).to have_selector('[data-testid="branches-select"]', text: '645f6c4c82fd3f5e06f67134450a570b795e55a6')
+ expect(page).to have_selector('.ref-selector', text: '645f6c4c82fd3f5e06f67134450a570b795e55a6')
end
context 'for signed commit on default branch', :js do
diff --git a/spec/frontend/vue_merge_request_widget/extentions/code_quality/index_spec.js b/spec/frontend/vue_merge_request_widget/extentions/code_quality/index_spec.js
index 9a72e4a086b..097cab4db06 100644
--- a/spec/frontend/vue_merge_request_widget/extentions/code_quality/index_spec.js
+++ b/spec/frontend/vue_merge_request_widget/extentions/code_quality/index_spec.js
@@ -1,4 +1,5 @@
import MockAdapter from 'axios-mock-adapter';
+import { GlBadge } from '@gitlab/ui';
import { mountExtended } from 'helpers/vue_test_utils_helper';
import { trimText } from 'helpers/text_helper';
import waitForPromises from 'helpers/wait_for_promises';
@@ -138,8 +139,17 @@ describe('Code Quality extension', () => {
"Minor - Parsing error: 'return' outside of function in index.js:12",
);
expect(text.resolvedError).toContain(
- "Minor - Parsing error: 'return' outside of function in index.js:12",
+ "Minor - Parsing error: 'return' outside of function Fixed in index.js:12",
);
});
+
+ it('adds fixed indicator (badge) when error is resolved', () => {
+ expect(findAllExtensionListItems().at(1).findComponent(GlBadge).exists()).toBe(true);
+ expect(findAllExtensionListItems().at(1).findComponent(GlBadge).text()).toEqual('Fixed');
+ });
+
+ it('should not add fixed indicator (badge) when error is new', () => {
+ expect(findAllExtensionListItems().at(0).findComponent(GlBadge).exists()).toBe(false);
+ });
});
});
diff --git a/spec/support/database/query_recorder.rb b/spec/support/database/query_recorder.rb
index 3480430a0da..c0736221af3 100644
--- a/spec/support/database/query_recorder.rb
+++ b/spec/support/database/query_recorder.rb
@@ -5,5 +5,13 @@ RSpec.configure do |config|
config.before(:suite) do
log_file = Rails.root.join(Gitlab::Database::QueryAnalyzers::QueryRecorder.log_file)
File.write(log_file, '') if File.exist?(log_file)
+ File.delete("#{log_file}.gz") if File.exist?("#{log_file}.gz")
+ end
+
+ config.after(:suite) do
+ if ENV['CI']
+ log_file = Rails.root.join(Gitlab::Database::QueryAnalyzers::QueryRecorder.log_file)
+ system("gzip #{log_file}") if File.exist?(log_file)
+ end
end
end
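Review bot: In the new `after(:suite)` hook, `system("gzip #{log_file}")` builds a shell command by string interpolation, so a checkout path containing spaces or shell metacharacters is split or interpreted by the shell instead of being passed as one file name. The return value is also ignored, so a failed compression goes unnoticed in CI. Passing the arguments separately avoids the shell entirely and surfaces the failure: `system('gzip', log_file.to_s) || warn("gzip failed for #{log_file}")`.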
diff --git a/spec/tooling/danger/user_types_spec.rb b/spec/tooling/danger/user_types_spec.rb
new file mode 100644
index 00000000000..4b87f649760
--- /dev/null
+++ b/spec/tooling/danger/user_types_spec.rb
@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require 'gitlab-dangerfiles'
+require 'gitlab/dangerfiles/spec_helper'
+require_relative '../../../tooling/danger/user_types'
+
+RSpec.describe Tooling::Danger::UserTypes, feature_category: :subscription_usage_reports do
+ include_context 'with dangerfile'
+
+ let(:fake_danger) { DangerSpecHelper.fake_danger.include(described_class) }
+ let(:user_types) { fake_danger.new(helper: fake_helper) }
+
+ describe 'changed files' do
+ subject(:bot_user_types_change_warning) { user_types.bot_user_types_change_warning }
+
+ before do
+ allow(fake_helper).to receive(:modified_files).and_return(modified_files)
+ allow(fake_helper).to receive(:changed_lines).and_return(changed_lines)
+ end
+
+ context 'when has_user_type.rb file is not impacted' do
+ let(:modified_files) { ['app/models/concerns/importable.rb'] }
+ let(:changed_lines) { ['+ANY_CHANGES'] }
+
+ it "doesn't add any warnings" do
+ expect(user_types).not_to receive(:warn)
+
+ bot_user_types_change_warning
+ end
+ end
+
+ context 'when the has_user_type.rb file is impacted' do
+ let(:modified_files) { ['app/models/concerns/has_user_type.rb'] }
+
+ context 'with BOT_USER_TYPES changes' do
+ let(:changed_lines) { ['+BOT_USER_TYPES'] }
+
+ it 'adds warning' do
+ expect(user_types).to receive(:warn).with(described_class::BOT_USER_TYPES_CHANGED_WARNING)
+
+ bot_user_types_change_warning
+ end
+ end
+
+ context 'without BOT_USER_TYPES changes' do
+ let(:changed_lines) { ['+OTHER_CHANGES'] }
+
+ it "doesn't add any warnings" do
+ expect(user_types).not_to receive(:warn)
+
+ bot_user_types_change_warning
+ end
+ end
+ end
+ end
+end
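Review bot: The `changed_lines` stub in the `before` block accepts any argument, so these examples would still pass if the plugin asked for the diff of a different file. Constraining it with `allow(fake_helper).to receive(:changed_lines).with(described_class::FILE_PATH).and_return(changed_lines)` pins the path under test. There is also no example for a removed line such as `['-BOT_USER_TYPES']`, although the warning text speaks of adding or removing bots.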
diff --git a/tooling/danger/user_types.rb b/tooling/danger/user_types.rb
new file mode 100644
index 00000000000..8320c43ae93
--- /dev/null
+++ b/tooling/danger/user_types.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Tooling
+ module Danger
+ module UserTypes
+ FILE_PATH = "app/models/concerns/has_user_type.rb"
+ BOT_USER_TYPES_CHANGE_INDICATOR_REGEX = %r{BOT_USER_TYPES}.freeze
+ BOT_USER_TYPES_CHANGED_WARNING = <<~MSG
+ You are changing BOT_USER_TYPES in `app/models/concerns/has_user_type.rb`.
+ If you are adding or removing new bots, remember to update the `active_billable_users` index with the new value.
+ If the bot is not billable, remember to make sure that it's not counted as a billable user.
+ MSG
+
+ def bot_user_types_change_warning
+ return unless impacted?
+
+ warn BOT_USER_TYPES_CHANGED_WARNING if bot_user_types_impacted?
+ end
+
+ private
+
+ def impacted?
+ helper.modified_files.include?(FILE_PATH)
+ end
+
+ def bot_user_types_impacted?
+ helper.changed_lines(FILE_PATH).any? { |change| change =~ BOT_USER_TYPES_CHANGE_INDICATOR_REGEX }
+ end
+ end
+ end
+end
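Review bot: `bot_user_types_impacted?` fires only when a changed line literally contains `BOT_USER_TYPES`, so if the constant in `has_user_type.rb` is a multi-line list (its definition is not visible here), a bot added or removed on its own line would not trigger the billing warning. Either warn whenever `FILE_PATH` is modified, or document the limit above the regex, for example `# Matches only changed lines that name the constant; edits to entries inside a multi-line list are not detected.` The module also has no header comment saying what the Danger check is for. As a style point, `change.match?(BOT_USER_TYPES_CHANGE_INDICATOR_REGEX)` avoids building match data that `=~` creates and the block never uses.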