author | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-11 06:08:52 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-11 06:08:52 +0300 |
commit | 988f8190b39847793faba06375973f8d4a024426 (patch) | |
tree | bad08d45ee4c080e8631240e8083cd3cfeda088c | |
parent | a18ca85c05efe431c3a1faf6c9f4257638b73493 (diff) |
Add latest changes from gitlab-org/gitlab@master
-rw-r--r-- | Gemfile | 4 | ||||
-rw-r--r-- | Gemfile.checksum | 4 | ||||
-rw-r--r-- | Gemfile.lock | 10 | ||||
-rw-r--r-- | app/models/deployment.rb | 2 | ||||
-rw-r--r-- | doc/.vale/gitlab/BadgeCapitalization.yml | 14 | ||||
-rw-r--r-- | doc/.vale/gitlab/Uppercase.yml | 2 | ||||
-rw-r--r-- | doc/architecture/blueprints/gitlab_housekeeper/index.md | 3 | ||||
-rw-r--r-- | doc/development/merge_request_concepts/diffs/index.md | 3 | ||||
-rw-r--r-- | doc/user/application_security/index.md | 20 | ||||
-rw-r--r-- | doc/user/application_security/policies/scan-execution-policies.md | 10 | ||||
-rw-r--r-- | doc/user/project/merge_requests/reviews/index.md | 2 | ||||
-rw-r--r-- | lib/gitlab/github_import/user_finder.rb | 16 | ||||
-rw-r--r-- | spec/lib/gitlab/github_import/user_finder_spec.rb | 24 | ||||
-rw-r--r-- | spec/models/deployment_spec.rb | 12 |
14 files changed, 88 insertions, 38 deletions
@@ -203,7 +203,7 @@ gem 'seed-fu', '~> 2.3.7' # rubocop:todo Gemfile/MissingFeatureCategory gem 'elasticsearch-model', '~> 7.2' # rubocop:todo Gemfile/MissingFeatureCategory gem 'elasticsearch-rails', '~> 7.2', require: 'elasticsearch/rails/instrumentation' # rubocop:todo Gemfile/MissingFeatureCategory gem 'elasticsearch-api', '7.13.3' # rubocop:todo Gemfile/MissingFeatureCategory -gem 'aws-sdk-core', '~> 3.190.1' # rubocop:todo Gemfile/MissingFeatureCategory +gem 'aws-sdk-core', '~> 3.190.2' # rubocop:todo Gemfile/MissingFeatureCategory gem 'aws-sdk-cloudformation', '~> 1' # rubocop:todo Gemfile/MissingFeatureCategory gem 'aws-sdk-s3', '~> 1.142.0' # rubocop:todo Gemfile/MissingFeatureCategory gem 'faraday_middleware-aws-sigv4', '~>0.3.0' # rubocop:todo Gemfile/MissingFeatureCategory @@ -436,7 +436,7 @@ group :development, :test do gem 'gitlab-styles', '~> 11.0.0', require: false # rubocop:todo Gemfile/MissingFeatureCategory - gem 'haml_lint', '~> 0.52', require: false # rubocop:todo Gemfile/MissingFeatureCategory + gem 'haml_lint', '~> 0.53', require: false # rubocop:todo Gemfile/MissingFeatureCategory gem 'bundler-audit', '~> 0.9.1', require: false # rubocop:todo Gemfile/MissingFeatureCategory # Benchmarking & profiling diff --git a/Gemfile.checksum b/Gemfile.checksum index 10ffeac0d26..1b529e0a14f 100644 --- a/Gemfile.checksum +++ b/Gemfile.checksum 
@@ -37,7 +37,7 @@ {"name":"aws-eventstream","version":"1.3.0","platform":"ruby","checksum":"f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f"}, {"name":"aws-partitions","version":"1.877.0","platform":"ruby","checksum":"9552ed7bbd3700ed1eeb0121c160ceaf64fa5dbaff5a1ff5fe6fd8481ecd9cfd"}, {"name":"aws-sdk-cloudformation","version":"1.41.0","platform":"ruby","checksum":"31e47539719734413671edf9b1a31f8673fbf9688549f50c41affabbcb1c6b26"}, -{"name":"aws-sdk-core","version":"3.190.1","platform":"ruby","checksum":"b02aa7981f955c6021405c89b66e99061b99e2edc4f5b48c0f3dc742dd53daaa"}, +{"name":"aws-sdk-core","version":"3.190.2","platform":"ruby","checksum":"5d97bd8ebfff08b51c38e37dace3d919fa7c708696da01b1d343f2bbaf472e7d"}, {"name":"aws-sdk-kms","version":"1.76.0","platform":"ruby","checksum":"e7f75013cba9ba357144f66bbc600631c192e2cda9dd572794be239654e2cf49"}, {"name":"aws-sdk-s3","version":"1.142.0","platform":"ruby","checksum":"79cd888eca66fd2ef3ae8b74d76173a2eccbeff6a1bba62a60b7c7dadc8dd7e9"}, {"name":"aws-sigv4","version":"1.8.0","platform":"ruby","checksum":"84dd99768b91b93b63d1d8e53ee837cfd06ab402812772a7899a78f9f9117cbc"}, 
@@ -287,7 +287,7 @@ {"name":"guard-compat","version":"1.2.1","platform":"ruby","checksum":"3ad21ab0070107f92edfd82610b5cdc2fb8e368851e72362ada9703443d646fe"}, {"name":"guard-rspec","version":"4.7.3","platform":"ruby","checksum":"a47ba03cbd1e3c71e6ae8645cea97e203098a248aede507461a43e906e2f75ca"}, {"name":"haml","version":"5.2.2","platform":"ruby","checksum":"6e759246556145642ef832d670fc06f9bd8539159a0e600847a00291dd7aae0c"}, -{"name":"haml_lint","version":"0.52.0","platform":"ruby","checksum":"76326b0f1a412558303bca983bd1bbb6e46555386589174502d263b9918114ea"}, +{"name":"haml_lint","version":"0.53.0","platform":"ruby","checksum":"223dc1b5abfec7a7bedd2d2c409752e8811a5d53cc71c8ef7be329d05bf91b18"}, {"name":"hamlit","version":"2.15.0","platform":"java","checksum":"fda165464e59337ab7cda6304a66bfdb607bb7155f25566da19c9ee7b98e03d1"}, {"name":"hamlit","version":"2.15.0","platform":"ruby","checksum":"d2e8505362338945fa309c68b2b8be07ebdc181200ec6021223567bf66dac38e"}, {"name":"hana","version":"1.3.7","platform":"ruby","checksum":"5425db42d651fea08859811c29d20446f16af196308162894db208cac5ce9b0d"}, diff --git a/Gemfile.lock b/Gemfile.lock index 6520598664b..b087aedf845 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -301,7 +301,7 @@ GEM aws-sdk-cloudformation (1.41.0) aws-sdk-core (~> 3, >= 3.99.0) aws-sigv4 (~> 1.1) - aws-sdk-core (3.190.1) + aws-sdk-core (3.190.2) aws-eventstream (~> 1, >= 1.3.0) aws-partitions (~> 1, >= 1.651.0) aws-sigv4 (~> 1.8) @@ -883,8 +883,8 @@ GEM haml (5.2.2) temple (>= 0.8.0) tilt - haml_lint (0.52.0) - haml (>= 4.0) + haml_lint (0.53.0) + haml (>= 5.0) parallel (~> 1.10) rainbow rubocop (>= 1.0) @@ -1817,7 +1817,7 @@ DEPENDENCIES autoprefixer-rails (= 10.2.5.1) awesome_print aws-sdk-cloudformation (~> 1) - aws-sdk-core (~> 3.190.1) + aws-sdk-core (~> 3.190.2) aws-sdk-s3 (~> 1.142.0) axe-core-rspec babosa (~> 2.0) 
@@ -1942,7 +1942,7 @@ DEPENDENCIES grpc (~> 1.58.0) gssapi (~> 1.3.1) guard-rspec - haml_lint (~> 0.52) + haml_lint (~> 0.53) hamlit (~> 2.15.0) hashie (~> 5.0.0) health_check (~> 3.0) diff --git a/app/models/deployment.rb b/app/models/deployment.rb index 66456413a98..1fff089451d 100644 --- a/app/models/deployment.rb +++ b/app/models/deployment.rb @@ -231,7 +231,7 @@ class Deployment < ApplicationRecord ## # FastDestroyAll concerns def begin_fast_destroy - preload(:project).find_each.map do |deployment| + preload(:project, :environment).find_each.map do |deployment| [deployment.project, deployment.ref_path] end end diff --git a/doc/.vale/gitlab/BadgeCapitalization.yml b/doc/.vale/gitlab/BadgeCapitalization.yml deleted file mode 100644 index a44bcbc0a7d..00000000000 --- a/doc/.vale/gitlab/BadgeCapitalization.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# Error: gitlab.BadgeCapitalization -# -# Verifies that badges are not mixed case, which won't render properly. -# -# For a list of all options, see https://vale.sh/docs/topics/styles/ -extends: existence -message: "Capitalize the '%s' badge." -link: https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#product-tier-badges -level: error -scope: raw -raw: - - '(?!\*\*\((FREE|PREMIUM|ULTIMATE)( (SELF|SAAS|ALL) (BETA|EXPERIMENT))?\)\*\*)' - - '(?i)\*\*\((free|premium|ultimate)( (self|saas|all) (beta|experiment))?\)\*\*' diff --git a/doc/.vale/gitlab/Uppercase.yml b/doc/.vale/gitlab/Uppercase.yml index b13ebe2c0a8..01837726b91 100644 --- a/doc/.vale/gitlab/Uppercase.yml +++ b/doc/.vale/gitlab/Uppercase.yml @@ -64,6 +64,8 @@ exceptions: - DORA - DSA - DSL + - DUOPRO + - DUOENT - DVCS - DVD - EBS diff --git a/doc/architecture/blueprints/gitlab_housekeeper/index.md b/doc/architecture/blueprints/gitlab_housekeeper/index.md index 76ff032bbcf..fcb5590772d 100644 --- a/doc/architecture/blueprints/gitlab_housekeeper/index.md +++ b/doc/architecture/blueprints/gitlab_housekeeper/index.md 
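Review bot: In `begin_fast_destroy` the block reads only `deployment.project` and `deployment.ref_path`, so nothing visible in the hunk explains why `:environment` now has to be preloaded. Presumably `ref_path` goes through `deployment.environment`; if that is the case, a why-comment above the preload, such as `# ref_path reads deployment.environment; preload it to avoid one query per row`, would keep a later cleanup from dropping the association again. The `Deployment` class body starts and ends outside the hunk.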
@@ -14,7 +14,8 @@ participating-stages: [] ## Summary -This blueprint documents the philosophy behind the "GitLab Housekeeper" gem +This blueprint documents the philosophy behind the +["GitLab Housekeeper" gem](https://gitlab.com/gitlab-org/gitlab/-/tree/master/gems/gitlab-housekeeper) which was introduced in <https://gitlab.com/gitlab-org/gitlab/-/merge_requests/139492> and has already been used to create many merge requests. diff --git a/doc/development/merge_request_concepts/diffs/index.md b/doc/development/merge_request_concepts/diffs/index.md index ad0e8603983..eb7c836e610 100644 --- a/doc/development/merge_request_concepts/diffs/index.md +++ b/doc/development/merge_request_concepts/diffs/index.md @@ -28,6 +28,7 @@ codebase in the future: - <i class="fa fa-youtube-play youtube" aria-hidden="true"></i> [Recording on YouTube](https://www.youtube.com/watch?v=K6G3gMcFyek) + <!-- Video published on 2019-01-29 --> - Slides on [Google Slides](https://docs.google.com/presentation/d/1bGutFH2AT3bxOPZuLMGl1ANWHqFnrxwQwjiwAZkF-TU/edit) - [PDF slides](https://gitlab.com/gitlab-org/create-stage/uploads/b5ad2f336e0afcfe0f99db0af0ccc71a/) @@ -192,7 +193,7 @@ has been introduced. One of the key challenges to deal with when working on merge ref diffs are merge conflicts. If the target and source branch contains a merge conflict, the branches cannot be automatically merged. The -<i class="fa fa-youtube-play youtube" aria-hidden="true"></i> [recording on YouTube](https://www.youtube.com/watch?v=GFXIFA4ZuZw&feature=youtu.be&ab_channel=GitLabUnfiltered) +<i class="fa fa-youtube-play youtube" aria-hidden="true"></i> [recording on YouTube](https://www.youtube.com/watch?v=GFXIFA4ZuZw&feature=youtu.be&ab_channel=GitLabUnfiltered) <!-- Video published on 2020-07-24 --> is a quick introduction to the problem and the motivation behind the [epic](https://gitlab.com/groups/gitlab-org/-/epics/854). In 13.5 a solution for both-modified merge 
diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md
index da1439ed13e..6441f74a41b 100644
--- a/doc/user/application_security/index.md
+++ b/doc/user/application_security/index.md
@@ -282,17 +282,25 @@ The merge request security widget displays only a subset of the vulnerabilities From the merge request security widget, select **Expand** to unfold the widget, displaying any new and no longer detected (removed) findings by scan type. -For each security report type, the widget displays the first 25 added and 25 fixed findings, sorted by severity. To see all -findings, select **View full report** to go directly to the **Security** tab in the latest branch pipeline. +For each security report type, the widget displays the first 25 added and 25 fixed findings, sorted by severity. +This is determined by comparing the security reports from the source branch and target branch pipelines. + +As an example, consider two pipelines with these scan results: + +- The source branch pipeline detects two vulnerabilities identified as `V1` and `V2`. +- The target branch pipeline detects two vulnerabilities identified as `V1` and `V3`. +- `V2` will show on the merge request widget as "added". +- `V3` will show on the merge request widget as "fixed". +- `V1` exists on both branches and is not shown on the merge request widget. + +To see all findings on the source branch of the merge request, select **View full report** to go directly to the **Security** tab in the latest source branch pipeline. ![Security scanning results in a merge request](img/mr_security_scanning_results_v14_3.png) ### Pipeline security tab -A pipeline's security tab lists all findings in the current branch. It includes findings introduced -by this branch and vulnerabilities already present in the base branch. These results likely do not -match the findings displayed in the Merge Request security widget, as those do not include the -existing vulnerabilities. For more information see +A pipeline's security tab lists all findings from the security reports in the pipeline's +job artifacts. For more information see [Vulnerabilities in a pipeline](vulnerability_report/pipeline.md). 
### Security dashboard diff --git a/doc/user/application_security/policies/scan-execution-policies.md b/doc/user/application_security/policies/scan-execution-policies.md index 58d9c0b44f1..92817b70b6c 100644 --- a/doc/user/application_security/policies/scan-execution-policies.md +++ b/doc/user/application_security/policies/scan-execution-policies.md @@ -351,11 +351,11 @@ enforced by the policy. #### `ci_configuration_path` object -| Field | Type | Description | -|-----------|---------------------|-------------| -| `project` | `string` | A project namespace path. | -| `file` | `string` | The file name of the CI/CD YAML file. | -| `ref` | `string` (optional) | The branch name, tag name, or commit SHA. | +| Field | Type | Required | Description | +|-----------|---------------------|----------|-------------| +| `project` | `string` | true | A project namespace path. | +| `file` | `string` | true | The file name of the CI/CD YAML file. | +| `ref` | `string` | false | The branch name, tag name, or commit SHA. If not specified, uses the default branch. | #### `scan` action type diff --git a/doc/user/project/merge_requests/reviews/index.md b/doc/user/project/merge_requests/reviews/index.md index 23b1207619e..78e4c19dd57 100644 --- a/doc/user/project/merge_requests/reviews/index.md +++ b/doc/user/project/merge_requests/reviews/index.md @@ -19,6 +19,7 @@ review merge requests in Visual Studio Code. <i class="fa fa-youtube-play youtube" aria-hidden="true"></i> For an overview, see [Merge request review](https://www.youtube.com/watch?v=2MayfXKpU08&list=PLFGfElNsQthYDx0A_FaNNfUm9NHsK6zED&index=183). +<!-- Video published on 2023-04-29 --> ## GitLab Duo Suggested Reviewers **(ULTIMATE SAAS)** 
@@ -31,6 +32,7 @@ GitLab uses machine learning to suggest reviewers for your merge request. <i class="fa fa-youtube-play youtube" aria-hidden="true"></i> For an overview, see [GitLab Duo Suggested Reviewers](https://www.youtube.com/embed/ivwZQgh4Rxw). +<!-- Video published on 2023-11-03 --> To suggest reviewers, GitLab uses: diff --git a/lib/gitlab/github_import/user_finder.rb b/lib/gitlab/github_import/user_finder.rb index 925b0c7a019..bec4c7fc4d4 100644 --- a/lib/gitlab/github_import/user_finder.rb +++ b/lib/gitlab/github_import/user_finder.rb @@ -219,6 +219,13 @@ module Gitlab "gitlab:github_import:user_finder:#{project.id}" end + # Retrieves the email associated with the given username from the cache. + # + # The return value can be an email, an empty string, or nil. + # + # If an empty string is returned, it indicates that the user's email was fetched but not set on GitHub. + # If nil is returned, it indicates that the user's email wasn't fetched or the cache has expired. + # If an email is returned, it means the user has a public email set, and it has been successfully cached. def read_email_from_cache(username) Gitlab::Cache::Import::Caching.read(email_cache_key(username)) end @@ -238,7 +245,7 @@ module Gitlab if retried email = read_email_from_cache(username) - next email if email + next email if email.present? end log(EMAIL_API_CALL_LOGGING_MESSAGE[etag.present?], username: username) @@ -249,6 +256,11 @@ module Gitlab end end + # Caches the email associated to the username + # + # An empty email is cached when the user email isn't set on GitHub. + # This is done to prevent UserFinder from fetching the user's email again when the user's email isn't set on + # GitHub def cache_email!(username, email) return unless email @@ -256,6 +268,8 @@ module Gitlab end def cache_etag!(username) + return unless client.octokit.last_response + etag = client.octokit.last_response.headers[:etag] Gitlab::Cache::Import::Caching.write(etag_cache_key(username), etag) end 
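Review bot: The comment added above `cache_email!` says an empty email is cached when the address is not set on GitHub, but the method's first statement is still `return unless email`, so a `nil` email writes nothing to the cache. Whether the caller turns a missing address into `''` before calling is not visible in this hunk. If it does, the comment should say so, for example `# Callers pass '' (not nil) when GitHub returns no public email; nil is skipped.` If it does not, the blank marker that the `read_email_from_cache` comment describes is never written, and lookups for such users go back to the API each time.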
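Review bot: `cache_etag!` takes the ETag from `client.octokit.last_response`, which is state on the client rather than the return value of the user lookup, and the new guard only covers the case where that state is nil. If any other request can run on the same client between the lookup and this call (not visible in the hunk), the ETag stored under `etag_cache_key(username)` belongs to a different response, and a later conditional request could leave a stale or blank email mapped to that user. Reading the response once also avoids the double call: `response = client.octokit.last_response`, `return unless response`, `etag = response.headers[:etag]`. What `Caching.write` does with a nil `etag` when the header is absent is worth confirming as well.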
diff --git a/spec/lib/gitlab/github_import/user_finder_spec.rb b/spec/lib/gitlab/github_import/user_finder_spec.rb index 31118c798e4..998fa8b2c9f 100644 --- a/spec/lib/gitlab/github_import/user_finder_spec.rb +++ b/spec/lib/gitlab/github_import/user_finder_spec.rb @@ -461,6 +461,30 @@ RSpec.describe Gitlab::GithubImport::UserFinder, :clean_gitlab_redis_cache, feat it_behaves_like 'a user resource not found on GitHub' end + + context 'if the cached etag is nil' do + context 'when lock was executed by another process and an email was fetched' do + it 'does not fetch user detail' do + expect(finder).to receive(:read_email_from_cache).ordered.and_return('') + expect(finder).to receive(:read_email_from_cache).ordered.and_return(email) + expect(finder).to receive(:in_lock).and_yield(true) + expect(client).not_to receive(:user) + + email_for_github_username + end + end + + context 'when lock was executed by another process and an email in cache is still blank' do + it 'fetch user detail' do + expect(finder).to receive(:read_email_from_cache).ordered.and_return('') + expect(finder).to receive(:read_email_from_cache).ordered.and_return('') + expect(finder).to receive(:in_lock).and_yield(true) + expect(client).to receive(:user).with(username, { headers: {} }).and_return({ email: email }).once + + email_for_github_username + end + end + end end context 'if the email has been checked for the project' do diff --git a/spec/models/deployment_spec.rb b/spec/models/deployment_spec.rb index 2beab48fb73..d260e75871d 100644 --- a/spec/models/deployment_spec.rb +++ b/spec/models/deployment_spec.rb 
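Review bot: Neither new example asserts what `email_for_github_username` returns; both check only which collaborators were called, so a regression that hands back the blank cached value instead of the fetched address would still pass. Assuming the method returns the value produced inside the lock block, ending each example with `expect(email_for_github_username).to eq(email)` would pin the result. The second description reads `it 'fetch user detail'` where its sibling uses 'does not fetch user detail'; `it 'fetches user detail'` matches. The enclosing `context` starts outside the hunk.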
@@ -1539,6 +1539,18 @@ RSpec.describe Deployment, feature_category: :continuous_delivery do expect(project.commit(deployment.ref_path)).not_to be_nil end end + + it 'does not trigger N+1 queries' do + project = create(:project, :repository) + environment = create(:environment, project: project) + create(:deployment, environment: environment, project: project) + + control = ActiveRecord::QueryRecorder.new { project.deployments.fast_destroy_all } + + create_list(:deployment, 2, environment: environment, project: project) + + expect { project.deployments.fast_destroy_all }.not_to exceed_query_limit(control) + end end describe '#update_merge_request_metrics!' do |