Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2022-06-20 15:09:24 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2022-06-20 15:09:24 +0300
commit24f32a55ee1f8dc2dc36e04898886459b1393c2f (patch)
tree7a4e5329a5c718875f730aea5c3c1142982404ab
parentb509bf0a57ade2d846459e44c208495e0e317c81 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat
-rw-r--r--.gitlab/ci/rules.gitlab-ci.yml18
-rw-r--r--.gitlab/ci/static-analysis.gitlab-ci.yml36
-rw-r--r--.rubocop.yml3
-rw-r--r--.rubocop_todo/fips/open_ssl.yml222
-rw-r--r--GITALY_SERVER_VERSION2
-rw-r--r--Gemfile2
-rw-r--r--Gemfile.lock4
-rw-r--r--app/assets/javascripts/diffs/components/commit_item.vue4
-rw-r--r--app/assets/javascripts/repository/components/last_commit.vue4
-rw-r--r--app/assets/stylesheets/pages/branches.scss6
-rw-r--r--app/assets/stylesheets/pages/commits.scss12
-rw-r--r--app/views/projects/branches/_branch.html.haml4
-rw-r--r--app/views/projects/commits/_commit.html.haml2
-rw-r--r--app/views/projects/empty.html.haml4
-rw-r--r--app/workers/projects/refresh_build_artifacts_size_statistics_worker.rb12
-rw-r--r--config/feature_flags/development/group_name_path_vue.yml2
-rw-r--r--config/feature_flags/development/projects_build_artifacts_size_refresh_high.yml8
-rw-r--r--config/feature_flags/development/projects_build_artifacts_size_refresh_low.yml8
-rw-r--r--config/feature_flags/development/projects_build_artifacts_size_refresh_medium.yml8
-rw-r--r--config/feature_flags/ops/projects_build_artifacts_size_refresh.yml8
-rw-r--r--danger/roulette/Dangerfile4
-rw-r--r--doc/development/dangerbot.md10
-rw-r--r--lib/tasks/gitlab/db.rake63
-rw-r--r--locale/gitlab.pot9
-rwxr-xr-xscripts/process_custom_semgrep_results.sh55
-rw-r--r--spec/frontend/repository/components/__snapshots__/last_commit_spec.js.snap2
-rw-r--r--spec/workers/projects/refresh_build_artifacts_size_statistics_worker_spec.rb27
27 files changed, 215 insertions, 324 deletions
diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index ccdc2c1b90a..22e4b181c0e 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -1456,6 +1456,24 @@
- <<: *if-merge-request
changes: *ci-patterns
+.semgrep-appsec-custom-rules:rules:
+ rules:
+ - <<: *if-not-ee
+ when: never
+ - <<: *if-merge-request
+ changes: *code-backstage-qa-patterns
+
+.ping-appsec-for-sast-findings:rules:
+ rules:
+ # Requiring $CUSTOM_SAST_RULES_BOT_PAT prevents the bot from running on forks or CE
+ # Without it the script would fail too.
+ - if: "$CUSTOM_SAST_RULES_BOT_PAT == null"
+ when: never
+ - <<: *if-not-ee
+ when: never
+ - <<: *if-merge-request
+ changes: *code-backstage-qa-patterns
+
#######################
# Vendored gems rules #
#######################
diff --git a/.gitlab/ci/static-analysis.gitlab-ci.yml b/.gitlab/ci/static-analysis.gitlab-ci.yml
index e1257e778bd..0fda3872500 100644
--- a/.gitlab/ci/static-analysis.gitlab-ci.yml
+++ b/.gitlab/ci/static-analysis.gitlab-ci.yml
@@ -152,3 +152,39 @@ feature-flags-usage:
when: always
paths:
- tmp/feature_flags/
+
+semgrep-appsec-custom-rules:
+ stage: lint
+ extends:
+ - .semgrep-appsec-custom-rules:rules
+ image: returntocorp/semgrep
+ needs: []
+ script:
+ # Required to avoid a timeout https://github.com/returntocorp/semgrep/issues/5395
+ - git fetch origin master
+ # Include/exclude list isn't ideal https://github.com/returntocorp/semgrep/issues/5399
+ - |
+ semgrep ci --gitlab-sast --metrics off --config $CUSTOM_RULES_URL \
+ --include app --include lib --include workhorse \
+ --exclude '*_test.go' --exclude spec --exclude qa > gl-sast-report.json || true
+ variables:
+ CUSTOM_RULES_URL: https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/raw/main/appsec-pings/rules.yml
+ artifacts:
+ paths:
+ - gl-sast-report.json
+ reports:
+ sast: gl-sast-report.json
+
+ping-appsec-for-sast-findings:
+ stage: lint
+ image: alpine:latest
+ extends:
+ - .ping-appsec-for-sast-findings:rules
+ variables:
+ # Project Access Token bot ID for /gitlab-com/gl-security/appsec/sast-custom-rules
+ BOT_USER_ID: 11727358
+ needs:
+ - semgrep-appsec-custom-rules
+ script:
+ - apk add jq curl
+ - scripts/process_custom_semgrep_results.sh
diff --git a/.rubocop.yml b/.rubocop.yml
index 47c7e5b5e35..e4b46121df6 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -779,3 +779,6 @@ Migration/BackgroundMigrationBaseClass:
Style/ClassAndModuleChildren:
Enabled: true
+
+Fips/OpenSSL:
+ Enabled: false
diff --git a/.rubocop_todo/fips/open_ssl.yml b/.rubocop_todo/fips/open_ssl.yml
deleted file mode 100644
index 03a551112ab..00000000000
--- a/.rubocop_todo/fips/open_ssl.yml
+++ /dev/null
@@ -1,222 +0,0 @@
----
-# Cop supports --auto-correct.
-Fips/OpenSSL:
- Exclude:
- - 'app/controllers/application_controller.rb'
- - 'app/controllers/concerns/authenticates_with_two_factor.rb'
- - 'app/controllers/projects/merge_requests/diffs_controller.rb'
- - 'app/controllers/projects/merge_requests_controller.rb'
- - 'app/helpers/application_helper.rb'
- - 'app/models/ci/artifact_blob.rb'
- - 'app/models/concerns/analytics/cycle_analytics/stage.rb'
- - 'app/models/concerns/checksummable.rb'
- - 'app/models/concerns/token_authenticatable_strategies/encryption_helper.rb'
- - 'app/models/diff_discussion.rb'
- - 'app/models/discussion.rb'
- - 'app/models/legacy_diff_note.rb'
- - 'app/models/namespace.rb'
- - 'app/models/note.rb'
- - 'app/models/performance_monitoring/prometheus_panel.rb'
- - 'app/models/protected_branch.rb'
- - 'app/models/release_highlight.rb'
- - 'app/models/repository.rb'
- - 'app/models/resource_event.rb'
- - 'app/models/snippet.rb'
- - 'app/models/storage/hashed.rb'
- - 'app/models/token_with_iv.rb'
- - 'app/presenters/packages/composer/packages_presenter.rb'
- - 'app/services/ci/build_report_result_service.rb'
- - 'app/services/metrics/dashboard/transient_embed_service.rb'
- - 'app/services/packages/debian/generate_distribution_service.rb'
- - 'app/services/packages/go/create_package_service.rb'
- - 'app/services/packages/maven/metadata/append_package_file_service.rb'
- - 'app/services/packages/rubygems/create_gemspec_service.rb'
- - 'app/services/pages/migrate_legacy_storage_to_deployment_service.rb'
- - 'app/services/projects/lfs_pointers/lfs_download_service.rb'
- - 'app/uploaders/ci/secure_file_uploader.rb'
- - 'config/initializers/doorkeeper_openid_connect.rb'
- - 'config/initializers/session_store.rb'
- - 'config/settings.rb'
- - 'db/post_migrate/20210731132939_backfill_stage_event_hash.rb'
- - 'ee/app/models/storage_shard.rb'
- - 'ee/app/services/elastic/bookkeeping_shard_service.rb'
- - 'ee/app/services/security/track_scan_service.rb'
- - 'ee/app/services/vulnerabilities/create_service_base.rb'
- - 'ee/app/services/vulnerabilities/manually_create_service.rb'
- - 'ee/app/services/vulnerabilities/starboard_vulnerability_create_service.rb'
- - 'ee/lib/ee/gitlab/background_migration/populate_latest_pipeline_ids.rb'
- - 'ee/lib/ee/gitlab/background_migration/populate_resolved_on_default_branch_column.rb'
- - 'ee/lib/ee/gitlab/background_migration/recalculate_vulnerability_finding_signatures_for_findings.rb'
- - 'ee/lib/gitlab/analytics/cycle_analytics/stage_events/label_based_stage_event.rb'
- - 'ee/lib/gitlab/ci/reports/dependency_list/dependency.rb'
- - 'ee/lib/gitlab/ci/reports/security/remediation.rb'
- - 'ee/lib/gitlab/geo/replication/blob_downloader.rb'
- - 'ee/spec/factories/vulnerabilities/feedback.rb'
- - 'ee/spec/factories/vulnerabilities/finding_signatures.rb'
- - 'ee/spec/factories/vulnerabilities/remediations.rb'
- - 'ee/spec/finders/security/pipeline_vulnerabilities_finder_spec.rb'
- - 'ee/spec/lib/ee/gitlab/alert_management/payload/generic_spec.rb'
- - 'ee/spec/lib/ee/gitlab/background_migration/populate_uuids_for_security_findings_spec.rb'
- - 'ee/spec/lib/ee/gitlab/background_migration/recalculate_vulnerability_finding_signatures_for_findings_spec.rb'
- - 'ee/spec/lib/ee/gitlab/background_migration/update_vulnerability_occurrences_location_spec.rb'
- - 'ee/spec/lib/gitlab/analytics/cycle_analytics/stage_events/issue_label_added_spec.rb'
- - 'ee/spec/lib/gitlab/analytics/cycle_analytics/stage_events/issue_label_removed_spec.rb'
- - 'ee/spec/lib/gitlab/analytics/cycle_analytics/stage_events/merge_request_label_added_spec.rb'
- - 'ee/spec/lib/gitlab/analytics/cycle_analytics/stage_events/merge_request_label_removed_spec.rb'
- - 'ee/spec/lib/gitlab/ci/reports/security/locations/cluster_image_scanning_spec.rb'
- - 'ee/spec/lib/gitlab/ci/reports/security/locations/container_scanning_spec.rb'
- - 'ee/spec/lib/gitlab/ci/reports/security/locations/dast_spec.rb'
- - 'ee/spec/lib/gitlab/ci/reports/security/locations/dependency_scanning_spec.rb'
- - 'ee/spec/migrations/update_vulnerability_occurrences_location_spec.rb'
- - 'ee/spec/models/merge_train_spec.rb'
- - 'ee/spec/models/resource_weight_event_spec.rb'
- - 'ee/spec/models/vulnerabilities/finding_signature_spec.rb'
- - 'ee/spec/models/vulnerabilities/finding_spec.rb'
- - 'ee/spec/services/alert_management/process_prometheus_alert_service_spec.rb'
- - 'ee/spec/services/merge_trains/check_status_service_spec.rb'
- - 'ee/spec/services/projects/alerting/notify_service_spec.rb'
- - 'ee/spec/services/security/ingestion/tasks/ingest_identifiers_spec.rb'
- - 'ee/spec/services/security/ingestion/tasks/ingest_remediations_spec.rb'
- - 'ee/spec/services/security/override_uuids_service_spec.rb'
- - 'ee/spec/services/security/track_scan_service_spec.rb'
- - 'ee/spec/services/vulnerabilities/manually_create_service_spec.rb'
- - 'ee/spec/support/matchers/locked_schema.rb'
- - 'lib/api/files.rb'
- - 'lib/api/maven_packages.rb'
- - 'lib/atlassian/jira_connect/serializers/branch_entity.rb'
- - 'lib/container_registry/client.rb'
- - 'lib/extracts_path.rb'
- - 'lib/gitlab/alert_management/fingerprint.rb'
- - 'lib/gitlab/analytics/cycle_analytics/stage_events/stage_event.rb'
- - 'lib/gitlab/background_migration/backfill_note_discussion_id.rb'
- - 'lib/gitlab/background_migration/backfill_project_repositories.rb'
- - 'lib/gitlab/ci/pipeline/seed/build/cache.rb'
- - 'lib/gitlab/ci/reports/security/finding.rb'
- - 'lib/gitlab/ci/reports/security/finding_signature.rb'
- - 'lib/gitlab/ci/reports/security/identifier.rb'
- - 'lib/gitlab/ci/reports/security/locations/base.rb'
- - 'lib/gitlab/ci/reports/test_case.rb'
- - 'lib/gitlab/color.rb'
- - 'lib/gitlab/composer/version_index.rb'
- - 'lib/gitlab/crypto_helper.rb'
- - 'lib/gitlab/database/migration_helpers.rb'
- - 'lib/gitlab/database/migration_helpers/v2.rb'
- - 'lib/gitlab/database/partitioning_migration_helpers/foreign_key_helpers.rb'
- - 'lib/gitlab/database/schema_helpers.rb'
- - 'lib/gitlab/database/schema_migrations/migrations.rb'
- - 'lib/gitlab/database/unidirectional_copy_trigger.rb'
- - 'lib/gitlab/diff/file.rb'
- - 'lib/gitlab/diff/formatters/base_formatter.rb'
- - 'lib/gitlab/diff/position.rb'
- - 'lib/gitlab/experimentation/controller_concern.rb'
- - 'lib/gitlab/git.rb'
- - 'lib/gitlab/git/branch.rb'
- - 'lib/gitlab/git/lfs_pointer_file.rb'
- - 'lib/gitlab/git/tag.rb'
- - 'lib/gitlab/hashed_path.rb'
- - 'lib/gitlab/insecure_key_fingerprint.rb'
- - 'lib/gitlab/sidekiq_middleware/duplicate_jobs/duplicate_job.rb'
- - 'lib/gitlab/slug/environment.rb'
- - 'lib/gitlab/verify/job_artifacts.rb'
- - 'lib/json_web_token/rsa_token.rb'
- - 'lib/tasks/gitlab/assets.rake'
- - 'lib/tasks/tanuki_emoji.rake'
- - 'qa/qa/service/praefect_manager.rb'
- - 'qa/qa/specs/features/browser_ui/6_release/deploy_key/clone_using_deploy_key_spec.rb'
- - 'qa/qa/specs/features/ee/browser_ui/1_manage/group/group_saml_non_enforced_sso_spec.rb'
- - 'scripts/security-harness'
- - 'spec/components/diffs/stats_component_spec.rb'
- - 'spec/controllers/projects/blob_controller_spec.rb'
- - 'spec/factories/ci/job_artifacts.rb'
- - 'spec/factories/ci/reports/security/finding_keys.rb'
- - 'spec/factories/ci/unit_test.rb'
- - 'spec/factories/commit_signature/gpg_signature.rb'
- - 'spec/factories/commit_signature/ssh_signature.rb'
- - 'spec/factories/commit_signature/x509_commit_signature.rb'
- - 'spec/factories/design_management/designs.rb'
- - 'spec/factories/diff_position.rb'
- - 'spec/factories/gitaly/commit.rb'
- - 'spec/factories/merge_request_context_commit.rb'
- - 'spec/factories/merge_request_context_commit_diff_file.rb'
- - 'spec/factories/merge_request_diff_commits.rb'
- - 'spec/factories/merge_request_diffs.rb'
- - 'spec/factories/pages_deployments.rb'
- - 'spec/factories/sequences.rb'
- - 'spec/factories/token_with_ivs.rb'
- - 'spec/features/file_uploads/git_lfs_spec.rb'
- - 'spec/features/merge_request/user_sees_diff_spec.rb'
- - 'spec/features/merge_request/user_suggests_changes_on_diff_spec.rb'
- - 'spec/finders/merge_requests/oldest_per_commit_finder_spec.rb'
- - 'spec/lib/gitlab/alert_management/fingerprint_spec.rb'
- - 'spec/lib/gitlab/alert_management/payload/base_spec.rb'
- - 'spec/lib/gitlab/alert_management/payload/generic_spec.rb'
- - 'spec/lib/gitlab/alert_management/payload/prometheus_spec.rb'
- - 'spec/lib/gitlab/background_migration/backfill_note_discussion_id_spec.rb'
- - 'spec/lib/gitlab/background_migration/populate_vulnerability_reads_spec.rb'
- - 'spec/lib/gitlab/ci/reports/security/finding_signature_spec.rb'
- - 'spec/lib/gitlab/ci/reports/security/locations/sast_spec.rb'
- - 'spec/lib/gitlab/ci/reports/security/locations/secret_detection_spec.rb'
- - 'spec/lib/gitlab/ci/reports/test_case_spec.rb'
- - 'spec/lib/gitlab/crypto_helper_spec.rb'
- - 'spec/lib/gitlab/database/migration_helpers_spec.rb'
- - 'spec/lib/gitlab/database/schema_migrations/migrations_spec.rb'
- - 'spec/lib/gitlab/diff/file_spec.rb'
- - 'spec/lib/gitlab/diff/position_spec.rb'
- - 'spec/lib/gitlab/diff/position_tracer/image_strategy_spec.rb'
- - 'spec/lib/gitlab/diff/position_tracer/line_strategy_spec.rb'
- - 'spec/lib/gitlab/experimentation/controller_concern_spec.rb'
- - 'spec/lib/gitlab/git/branch_spec.rb'
- - 'spec/lib/gitlab/git/tag_spec.rb'
- - 'spec/lib/gitlab/sidekiq_middleware/duplicate_jobs/duplicate_job_spec.rb'
- - 'spec/lib/gitlab/slug/environment_spec.rb'
- - 'spec/migrations/20220107064845_populate_vulnerability_reads_spec.rb'
- - 'spec/migrations/20220524074947_finalize_backfill_null_note_discussion_ids_spec.rb'
- - 'spec/migrations/delete_security_findings_without_uuid_spec.rb'
- - 'spec/migrations/schedule_recalculate_vulnerability_finding_signatures_for_findings_spec.rb'
- - 'spec/models/ci/artifact_blob_spec.rb'
- - 'spec/models/ci/job_artifact_spec.rb'
- - 'spec/models/ci/pipeline_spec.rb'
- - 'spec/models/ci/secure_file_spec.rb'
- - 'spec/models/ci/unit_test_spec.rb'
- - 'spec/models/concerns/checksummable_spec.rb'
- - 'spec/models/concerns/token_authenticatable_strategies/encryption_helper_spec.rb'
- - 'spec/models/design_management/version_spec.rb'
- - 'spec/models/diff_discussion_spec.rb'
- - 'spec/models/discussion_spec.rb'
- - 'spec/models/lfs_object_spec.rb'
- - 'spec/models/merge_request_diff_spec.rb'
- - 'spec/models/merge_request_spec.rb'
- - 'spec/models/note_spec.rb'
- - 'spec/models/pages_deployment_spec.rb'
- - 'spec/models/performance_monitoring/prometheus_panel_spec.rb'
- - 'spec/models/project_spec.rb'
- - 'spec/models/release_highlight_spec.rb'
- - 'spec/models/repository_spec.rb'
- - 'spec/models/token_with_iv_spec.rb'
- - 'spec/models/upload_spec.rb'
- - 'spec/requests/api/ci/runner/jobs_artifacts_spec.rb'
- - 'spec/requests/api/ci/secure_files_spec.rb'
- - 'spec/requests/openid_connect_spec.rb'
- - 'spec/services/dependency_proxy/find_cached_manifest_service_spec.rb'
- - 'spec/services/dependency_proxy/head_manifest_service_spec.rb'
- - 'spec/services/dependency_proxy/request_token_service_spec.rb'
- - 'spec/services/import_export_clean_up_service_spec.rb'
- - 'spec/services/pages/migrate_legacy_storage_to_deployment_service_spec.rb'
- - 'spec/services/projects/after_rename_service_spec.rb'
- - 'spec/services/projects/create_service_spec.rb'
- - 'spec/services/projects/lfs_pointers/lfs_download_service_spec.rb'
- - 'spec/support/helpers/workhorse_helpers.rb'
- - 'spec/support/migrations_helpers/vulnerabilities_findings_helper.rb'
- - 'spec/support/shared_examples/lib/gitlab/ci/ci_trace_shared_examples.rb'
- - 'spec/support/shared_examples/lib/gitlab/cycle_analytics/event_shared_examples.rb'
- - 'spec/support/shared_examples/lib/gitlab/position_formatters_shared_examples.rb'
- - 'spec/support/shared_examples/services/alert_management/alert_processing/alert_firing_shared_examples.rb'
- - 'spec/support/shared_examples/services/alert_management/alert_processing/alert_recovery_shared_examples.rb'
- - 'spec/support/shared_examples/services/metrics/dashboard_shared_examples.rb'
- - 'spec/support/shared_examples/services/packages/debian/generate_distribution_shared_examples.rb'
- - 'spec/support/shared_examples/uploaders/object_storage_shared_examples.rb'
- - 'spec/support/trace/trace_helpers.rb'
- - 'spec/uploaders/ci/secure_file_uploader_spec.rb'
- - 'spec/uploaders/job_artifact_uploader_spec.rb'
- - 'spec/validators/sha_validator_spec.rb'
- - 'spec/workers/update_head_pipeline_for_merge_request_worker_spec.rb'
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 7144b774b05..b60ef3d1d5d 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-5caf724a8305ea04370dc49f0d9a7d5f3bc8dd4a
+2b069d8536df98547acba92719b7554d1c7f2262
diff --git a/Gemfile b/Gemfile
index 195a4b2861b..aad6cbc551d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -407,7 +407,7 @@ group :development, :test do
end
group :development, :test, :danger do
- gem 'gitlab-dangerfiles', '~> 3.4.0', require: false
+ gem 'gitlab-dangerfiles', '~> 3.3.0', require: false
end
group :development, :test, :coverage do
diff --git a/Gemfile.lock b/Gemfile.lock
index dab51a0803c..de2646f7d9c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -475,7 +475,7 @@ GEM
terminal-table (~> 1.5, >= 1.5.1)
gitlab-chronic (0.10.5)
numerizer (~> 0.2)
- gitlab-dangerfiles (3.4.0)
+ gitlab-dangerfiles (3.3.0)
danger (>= 8.4.5)
danger-gitlab (>= 8.0.0)
rake
@@ -1534,7 +1534,7 @@ DEPENDENCIES
gitaly (~> 15.1.0.pre.rc1)
github-markup (~> 1.7.0)
gitlab-chronic (~> 0.10.5)
- gitlab-dangerfiles (~> 3.4.0)
+ gitlab-dangerfiles (~> 3.3.0)
gitlab-experiment (~> 0.7.1)
gitlab-fog-azure-rm (~> 1.3.0)
gitlab-labkit (~> 0.23.0)
diff --git a/app/assets/javascripts/diffs/components/commit_item.vue b/app/assets/javascripts/diffs/components/commit_item.vue
index 54b648e8d03..ad163a2a615 100644
--- a/app/assets/javascripts/diffs/components/commit_item.vue
+++ b/app/assets/javascripts/diffs/components/commit_item.vue
@@ -134,7 +134,9 @@ export default {
class="avatar-cell d-none d-sm-block"
/>
</div>
- <div class="commit-detail flex-list">
+ <div
+ class="commit-detail flex-list gl-display-flex gl-justify-content-space-between gl-align-items-flex-start gl-flex-grow-1 gl-min-w-0"
+ >
<div class="commit-content" data-qa-selector="commit_content">
<a
v-safe-html:[$options.safeHtmlConfig]="commit.title_html"
diff --git a/app/assets/javascripts/repository/components/last_commit.vue b/app/assets/javascripts/repository/components/last_commit.vue
index d24d7648f1b..7db713fb872 100644
--- a/app/assets/javascripts/repository/components/last_commit.vue
+++ b/app/assets/javascripts/repository/components/last_commit.vue
@@ -131,7 +131,9 @@ export default {
:css-classes="'gl-mr-0!' /* NOTE: this is needed only while we migrate user-avatar-image to GlAvatar (7731 epics) */"
:size="32"
/>
- <div class="commit-detail flex-list">
+ <div
+ class="commit-detail flex-list gl-display-flex gl-justify-content-space-between gl-align-items-flex-start gl-flex-grow-1 gl-min-w-0"
+ >
<div class="commit-content qa-commit-content">
<gl-link
v-safe-html:[$options.safeHtmlConfig]="commit.titleHtml"
diff --git a/app/assets/stylesheets/pages/branches.scss b/app/assets/stylesheets/pages/branches.scss
index d34d309eea3..18158fab75f 100644
--- a/app/assets/stylesheets/pages/branches.scss
+++ b/app/assets/stylesheets/pages/branches.scss
@@ -1,9 +1,3 @@
-.content-list > .branch-item,
-.branch-title {
- display: flex;
- align-items: center;
-}
-
.branch-info {
flex: auto;
min-width: 0;
diff --git a/app/assets/stylesheets/pages/commits.scss b/app/assets/stylesheets/pages/commits.scss
index 80b9e378252..fab7efe03f6 100644
--- a/app/assets/stylesheets/pages/commits.scss
+++ b/app/assets/stylesheets/pages/commits.scss
@@ -133,18 +133,6 @@
}
}
-.commit-detail {
- display: flex;
- justify-content: space-between;
- align-items: start;
- flex-grow: 1;
- min-width: 0;
-
- .project-namespace {
- color: $gl-text-color-tertiary;
- }
-}
-
.commit-content {
padding-right: 10px;
white-space: normal;
diff --git a/app/views/projects/branches/_branch.html.haml b/app/views/projects/branches/_branch.html.haml
index e4ec7a43d61..1477ae66d80 100644
--- a/app/views/projects/branches/_branch.html.haml
+++ b/app/views/projects/branches/_branch.html.haml
@@ -1,9 +1,9 @@
- merged = local_assigns.fetch(:merged, false)
- commit = @repository.commit(branch.dereferenced_target)
- merge_project = merge_request_source_project_for_project(@project)
-%li{ class: "branch-item js-branch-item js-branch-#{branch.name}", data: { name: branch.name } }
+%li{ class: "branch-item gl-display-flex! gl-align-items-center! js-branch-item js-branch-#{branch.name}", data: { name: branch.name } }
.branch-info
- .branch-title
+ .gl-display-flex.gl-align-items-center
= sprite_icon('branch', size: 12, css_class: 'gl-flex-shrink-0')
= link_to project_tree_path(@project, branch.name), class: 'item-title str-truncated-100 ref-name gl-ml-3 qa-branch-name' do
= branch.name
diff --git a/app/views/projects/commits/_commit.html.haml b/app/views/projects/commits/_commit.html.haml
index 4442f62b221..71485e203db 100644
--- a/app/views/projects/commits/_commit.html.haml
+++ b/app/views/projects/commits/_commit.html.haml
@@ -24,7 +24,7 @@
.avatar-cell.d-none.d-sm-block
= author_avatar(commit, size: 40, has_tooltip: false)
- .commit-detail.flex-list
+ .commit-detail.flex-list.gl-display-flex.gl-justify-content-space-between.gl-align-items-flex-start.gl-flex-grow-1.gl-min-w-0
.commit-content{ data: { qa_selector: 'commit_content' } }
- if view_details && merge_request
= link_to commit.title, project_commit_path(project, commit.id, merge_request_iid: merge_request.iid), class: ["commit-row-message item-title js-onboarding-commit-item", ("font-italic" if commit.message.empty?)]
diff --git a/app/views/projects/empty.html.haml b/app/views/projects/empty.html.haml
index ce6d021ce2f..6f2e135f9d3 100644
--- a/app/views/projects/empty.html.haml
+++ b/app/views/projects/empty.html.haml
@@ -21,10 +21,10 @@
= _('You can get started by cloning the repository or start adding files to it with one of the following options.')
.project-buttons.qa-quick-actions
- .project-clone-holder.d-block.d-md-none.mt-2.mr-2
+ .project-clone-holder.d-block.d-md-none.gl-mt-3.gl-mr-3
= render "shared/mobile_clone_panel"
- .project-clone-holder.d-none.d-md-inline-block.mb-2.mr-2.float-left
+ .project-clone-holder.d-none.d-md-inline-block.gl-mb-3.gl-mr-3.float-left
= render "projects/buttons/clone"
= render 'stat_anchor_list', anchors: @project.empty_repo_statistics_buttons, project_buttons: true
diff --git a/app/workers/projects/refresh_build_artifacts_size_statistics_worker.rb b/app/workers/projects/refresh_build_artifacts_size_statistics_worker.rb
index a91af72cc2c..705bf0534f7 100644
--- a/app/workers/projects/refresh_build_artifacts_size_statistics_worker.rb
+++ b/app/workers/projects/refresh_build_artifacts_size_statistics_worker.rb
@@ -5,10 +5,6 @@ module Projects
include ApplicationWorker
include LimitedCapacity::Worker
- MAX_RUNNING_LOW = 2
- MAX_RUNNING_MEDIUM = 20
- MAX_RUNNING_HIGH = 50
-
data_consistency :always
feature_category :build_artifacts
@@ -37,12 +33,8 @@ module Projects
end
def max_running_jobs
- if ::Feature.enabled?(:projects_build_artifacts_size_refresh_high)
- MAX_RUNNING_HIGH
- elsif ::Feature.enabled?(:projects_build_artifacts_size_refresh_medium)
- MAX_RUNNING_MEDIUM
- elsif ::Feature.enabled?(:projects_build_artifacts_size_refresh_low)
- MAX_RUNNING_LOW
+ if ::Feature.enabled?(:projects_build_artifacts_size_refresh, type: :ops)
+ 10
else
0
end
diff --git a/config/feature_flags/development/group_name_path_vue.yml b/config/feature_flags/development/group_name_path_vue.yml
index 6ecb0eaf20e..71adb199b77 100644
--- a/config/feature_flags/development/group_name_path_vue.yml
+++ b/config/feature_flags/development/group_name_path_vue.yml
@@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/363623
milestone: '15.1'
type: development
group: group::workspace
-default_enabled: false
+default_enabled: true
diff --git a/config/feature_flags/development/projects_build_artifacts_size_refresh_high.yml b/config/feature_flags/development/projects_build_artifacts_size_refresh_high.yml
deleted file mode 100644
index 77b5feafd6a..00000000000
--- a/config/feature_flags/development/projects_build_artifacts_size_refresh_high.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-name: projects_build_artifacts_size_refresh_high
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/81306
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/356018
-milestone: '14.9'
-type: development
-group: group::pipeline insights
-default_enabled: false
diff --git a/config/feature_flags/development/projects_build_artifacts_size_refresh_low.yml b/config/feature_flags/development/projects_build_artifacts_size_refresh_low.yml
deleted file mode 100644
index cefecb245e3..00000000000
--- a/config/feature_flags/development/projects_build_artifacts_size_refresh_low.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-name: projects_build_artifacts_size_refresh_low
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/81306
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/356018
-milestone: '14.9'
-type: development
-group: group::pipeline insights
-default_enabled: false
diff --git a/config/feature_flags/development/projects_build_artifacts_size_refresh_medium.yml b/config/feature_flags/development/projects_build_artifacts_size_refresh_medium.yml
deleted file mode 100644
index caeb6647782..00000000000
--- a/config/feature_flags/development/projects_build_artifacts_size_refresh_medium.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-name: projects_build_artifacts_size_refresh_medium
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/81306
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/356018
-milestone: '14.9'
-type: development
-group: group::pipeline insights
-default_enabled: false
diff --git a/config/feature_flags/ops/projects_build_artifacts_size_refresh.yml b/config/feature_flags/ops/projects_build_artifacts_size_refresh.yml
new file mode 100644
index 00000000000..8b54a0e3ff5
--- /dev/null
+++ b/config/feature_flags/ops/projects_build_artifacts_size_refresh.yml
@@ -0,0 +1,8 @@
+---
+name: projects_build_artifacts_size_refresh
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/84701
+rollout_issue_url:
+milestone: '15.1'
+type: ops
+group: group::pipeline insights
+default_enabled: true
diff --git a/danger/roulette/Dangerfile b/danger/roulette/Dangerfile
index 0e6af5792cd..527cdf58391 100644
--- a/danger/roulette/Dangerfile
+++ b/danger/roulette/Dangerfile
@@ -111,10 +111,6 @@ if changes.any?
markdown_row_for_spin(spin.category, spin)
end
- roulette.required_approvals.each do |approval|
- rows << markdown_row_for_spin(approval.category, approval.spin)
- end
-
markdown(REVIEW_ROULETTE_SECTION)
if rows.empty?
diff --git a/doc/development/dangerbot.md b/doc/development/dangerbot.md
index 003df4fe078..34b61858995 100644
--- a/doc/development/dangerbot.md
+++ b/doc/development/dangerbot.md
@@ -175,15 +175,7 @@ at GitLab so far:
- Database review
- Documentation review
- Merge request metrics
-- Reviewer roulette. Reviewers and maintainers are chosen based on:
- - Their roles (backend, frontend, database, etc).
- - Their availability:
- - No "OOO"/"PTO"/"Parental Leave" in their GitLab or Slack status.
- - No `:red_circle:`/`:palm_tree:`/`:beach:`/`:beach_umbrella:`/`:beach_with_umbrella:` emojis in GitLab or Slack status.
- - (Experimental) Their time zone: people for which the local hour is between
- 6 AM and 2 PM are eligible to be picked. This is to ensure they have a good
- chance to get to perform a review during their current work day. The experimentation is tracked in
- [this issue](https://gitlab.com/gitlab-org/quality/team-tasks/-/issues/563)
+- [Reviewer roulette](code_review.md#reviewer-roulette)
- Single codebase effort
## Limitations
diff --git a/lib/tasks/gitlab/db.rake b/lib/tasks/gitlab/db.rake
index a446a17dfc3..026511d5943 100644
--- a/lib/tasks/gitlab/db.rake
+++ b/lib/tasks/gitlab/db.rake
@@ -367,5 +367,68 @@ namespace :gitlab do
Rake::Task['gitlab:db:execute_batched_migrations'].invoke
end
end
+
+ namespace :dictionary do
+ DB_DOCS_PATH = File.join(Rails.root, 'db', 'docs')
+
+ desc 'Generate database docs yaml'
+ task generate: :environment do
+ FileUtils.mkdir_p(DB_DOCS_PATH) unless Dir.exist?(DB_DOCS_PATH)
+
+ Rails.application.eager_load!
+
+ tables = Gitlab::Database.database_base_models.flat_map { |_, m| m.connection.tables }
+ classes = tables.to_h { |t| [t, []] }
+
+ Gitlab::Database.database_base_models.each do |_, model_class|
+ model_class
+ .descendants
+ .reject(&:abstract_class)
+ .reject { |c| c.name =~ /^(?:EE::)?Gitlab::(?:BackgroundMigration|DatabaseImporters)::/ }
+ .reject { |c| c.name =~ /^HABTM_/ }
+ .each { |c| classes[c.table_name] << c.name if classes.has_key?(c.table_name) }
+ end
+
+ version = Gem::Version.new(File.read('VERSION'))
+ milestone = version.release.segments[0..1].join('.')
+
+ tables.each do |table_name|
+ file = File.join(DB_DOCS_PATH, "#{table_name}.yml")
+
+ table_metadata = {
+ 'table_name' => table_name,
+ 'classes' => classes[table_name]&.sort&.uniq,
+ 'feature_categories' => [],
+ 'description' => nil,
+ 'introduced_by_url' => nil,
+ 'milestone' => milestone
+ }
+
+ if File.exist?(file)
+ outdated = false
+
+ existing_metadata = YAML.safe_load(File.read(file))
+
+ if existing_metadata['table_name'] != table_metadata['table_name']
+ existing_metadata['table_name'] = table_metadata['table_name']
+ outdated = true
+ end
+
+ if existing_metadata['classes'].difference(table_metadata['classes']).any?
+ existing_metadata['classes'] = table_metadata['classes']
+ outdated = true
+ end
+
+ File.write(file, existing_metadata.to_yaml) if outdated
+ else
+ File.write(file, table_metadata.to_yaml)
+ end
+ end
+ end
+
+ Rake::Task['db:migrate'].enhance do
+ Rake::Task['gitlab:db:dictionary:generate'].invoke if Rails.env.development?
+ end
+ end
end
end
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 3f6743e6318..c0d9157ea5d 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -34110,6 +34110,9 @@ msgstr ""
msgid "SecurityOrchestration|Enforce security for this project. %{linkStart}More information.%{linkEnd}"
msgstr ""
+msgid "SecurityOrchestration|Failed to load cluster agents."
+msgstr ""
+
msgid "SecurityOrchestration|If any scanner finds a newly detected critical vulnerability in an open merge request targeting the master branch, then require two approvals from any member of App security."
msgstr ""
@@ -34401,6 +34404,9 @@ msgstr ""
msgid "SecurityReports|Check the messages generated while parsing the following security reports, as they may prevent the results from being ingested by GitLab. Ensure the security report conforms to a supported %{helpPageLinkStart}JSON schema%{helpPageLinkEnd}."
msgstr ""
+msgid "SecurityReports|Cluster"
+msgstr ""
+
msgid "SecurityReports|Comment added to '%{vulnerabilityName}'"
msgstr ""
@@ -44751,6 +44757,9 @@ msgstr ""
msgid "ciReport|API fuzzing"
msgstr ""
+msgid "ciReport|All clusters"
+msgstr ""
+
msgid "ciReport|All projects"
msgstr ""
diff --git a/scripts/process_custom_semgrep_results.sh b/scripts/process_custom_semgrep_results.sh
new file mode 100755
index 00000000000..28fb5c79598
--- /dev/null
+++ b/scripts/process_custom_semgrep_results.sh
@@ -0,0 +1,55 @@
+# This script requires BOT_USER_ID, CUSTOM_SAST_RULES_BOT_PAT and CI_MERGE_REQUEST_IID variables to be set
+
+echo "Processing vuln report"
+
+# Preparing the message for the comment that will be posted by the bot
+# Empty string if there are no findings
+jq -crM '.vulnerabilities |
+ map( select( .identifiers[0].name | test( "glappsec_" ) ) |
+ "- `" + .location.file + "` line " + ( .location.start_line | tostring ) +
+ (
+ if .location.start_line = .location.end_line then ""
+ else ( " to " + ( .location.end_line | tostring ) ) end
+ ) + ": " + .message
+ ) |
+ sort |
+ if length > 0 then
+ { body: ("The findings below have been detected based on the [AppSec custom Semgrep rules](https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/) and need attention:\n\n" + join("\n") + "\n\n/cc @gitlab-com/gl-security/appsec") }
+ else
+ empty
+ end' gl-sast-report.json >findings.txt
+
+echo "Resulting file:"
+cat findings.txt
+
+EXISTING_COMMENT_ID=$(curl "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes" \
+ --header "Private-Token: $CUSTOM_SAST_RULES_BOT_PAT" |
+ jq -crM 'map( select( .author.id == (env.BOT_USER_ID | tonumber) ) | .id ) | first')
+
+echo "EXISTING_COMMENT_ID: $EXISTING_COMMENT_ID"
+
+if [ "$EXISTING_COMMENT_ID" == "null" ]; then
+ if [ -s findings.txt ]; then
+ echo "No existing comment and there are findings: a new comment will be posted"
+ curl "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes" \
+ --header "Private-Token: $CUSTOM_SAST_RULES_BOT_PAT" \
+ --header 'Content-Type: application/json' \
+ --data '@findings.txt'
+ else
+ echo "No existing comment and no findings: nothing to do"
+ fi
+else
+ if [ -s findings.txt ]; then
+ echo "There is an existing comment and there are findings: the existing comment will be updated"
+ curl --request PUT "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes/$EXISTING_COMMENT_ID" \
+ --header "Private-Token: $CUSTOM_SAST_RULES_BOT_PAT" \
+ --header 'Content-Type: application/json' \
+ --data '@findings.txt'
+ else
+ echo "There is an existing comment but no findings: the existing comment will be updated to mention everything is resolved"
+ curl --request PUT "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/notes/$EXISTING_COMMENT_ID" \
+ --header "Private-Token: $CUSTOM_SAST_RULES_BOT_PAT" \
+ --header 'Content-Type: application/json' \
+ --data '{"body":"All findings based on the [AppSec custom Semgrep rules](https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/) have been resolved! :tada:"}'
+ fi
+fi
diff --git a/spec/frontend/repository/components/__snapshots__/last_commit_spec.js.snap b/spec/frontend/repository/components/__snapshots__/last_commit_spec.js.snap
index 4732d68c8c6..cb56f392ec9 100644
--- a/spec/frontend/repository/components/__snapshots__/last_commit_spec.js.snap
+++ b/spec/frontend/repository/components/__snapshots__/last_commit_spec.js.snap
@@ -17,7 +17,7 @@ exports[`Repository last commit component renders commit widget 1`] = `
/>
<div
- class="commit-detail flex-list"
+ class="commit-detail flex-list gl-display-flex gl-justify-content-space-between gl-align-items-flex-start gl-flex-grow-1 gl-min-w-0"
>
<div
class="commit-content qa-commit-content"
diff --git a/spec/workers/projects/refresh_build_artifacts_size_statistics_worker_spec.rb b/spec/workers/projects/refresh_build_artifacts_size_statistics_worker_spec.rb
index 4a6a525a5a7..c7e45e7e4d7 100644
--- a/spec/workers/projects/refresh_build_artifacts_size_statistics_worker_spec.rb
+++ b/spec/workers/projects/refresh_build_artifacts_size_statistics_worker_spec.rb
@@ -62,32 +62,11 @@ RSpec.describe Projects::RefreshBuildArtifactsSizeStatisticsWorker do
describe '#max_running_jobs' do
subject { worker.max_running_jobs }
- context 'when all projects_build_artifacts_size_refresh flags are enabled' do
- it { is_expected.to eq(described_class::MAX_RUNNING_HIGH) }
- end
-
- context 'when projects_build_artifacts_size_refresh_high flags is disabled' do
- before do
- stub_feature_flags(projects_build_artifacts_size_refresh_high: false)
- end
-
- it { is_expected.to eq(described_class::MAX_RUNNING_MEDIUM) }
- end
-
- context 'when projects_build_artifacts_size_refresh_high and projects_build_artifacts_size_refresh_medium flags are disabled' do
- before do
- stub_feature_flags(projects_build_artifacts_size_refresh_high: false)
- stub_feature_flags(projects_build_artifacts_size_refresh_medium: false)
- end
-
- it { is_expected.to eq(described_class::MAX_RUNNING_LOW) }
- end
+ it { is_expected.to eq(10) }
- context 'when all projects_build_artifacts_size_refresh flags are disabled' do
+ context 'when projects_build_artifacts_size_refresh flag is disabled' do
before do
- stub_feature_flags(projects_build_artifacts_size_refresh_low: false)
- stub_feature_flags(projects_build_artifacts_size_refresh_medium: false)
- stub_feature_flags(projects_build_artifacts_size_refresh_high: false)
+ stub_feature_flags(projects_build_artifacts_size_refresh: false)
end
it { is_expected.to eq(0) }
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-28 11:28:10 +0300