diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-08-11 03:09:45 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-08-11 03:09:45 +0300 |
| commit | 4f1e40017d9eadb0abeeb89d9690a8e5f0694fd9 (patch) | |
| tree | c02455f9e9ff3092c2b4a3b00b2069d72f5d9507 | |
| parent | 20a18d1f9bf452c1dd2ef996bee50e34cfcb80f4 (diff) | |
Add latest changes from gitlab-org/gitlab@master
82 files changed, 457 insertions, 263 deletions
diff --git a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md index e1c5928b950..7ef5287aba8 100644 --- a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md +++ b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md @@ -392,7 +392,7 @@ That's all of the required database changes. ``` - [ ] Update `REGISTRY_CLASSES` in `ee/app/workers/geo/secondary/registry_consistency_worker.rb`. -- [ ] Add a custom factory name if needed in `def model_class_factory_name` in `ee/spec/services/geo/registry_consistency_service_spec.rb`. +- [ ] Add a custom factory name if needed in `def model_class_factory_name` in `ee/spec/support/helpers/ee/geo_helpers.rb`. - [ ] Update `it 'creates missing registries for each registry class'` in `ee/spec/workers/geo/secondary/registry_consistency_worker_spec.rb`. - [ ] Add `cool_widget_registry` to `ActiveSupport::Inflector.inflections` in `config/initializers_before_autoloader/000_inflections.rb`. - [ ] Create `ee/spec/factories/geo/cool_widget_registry.rb`: @@ -539,11 +539,6 @@ Metrics are gathered by `Geo::MetricsUpdateWorker`, persisted in `GeoNodeStatus` - `geo_cool_widgets_verification_total` - `geo_cool_widgets_verified` - `geo_cool_widgets_verification_failed` -- [ ] Add the following to the parameterized table in the `context 'Replicator stats' do` block in `ee/spec/models/geo_node_status_spec.rb`: - - ```ruby - Geo::CoolWidgetReplicator | :cool_widget | :geo_cool_widget_registry - ``` Cool Widget replication and verification metrics should now be available in the API, the `Admin > Geo > Nodes` view, and Prometheus. diff --git a/.gitlab/issue_templates/Geo Replicate a new blob type.md b/.gitlab/issue_templates/Geo Replicate a new blob type.md index 9158885262d..17a4dd4bc3e 100644 --- a/.gitlab/issue_templates/Geo Replicate a new blob type.md +++ b/.gitlab/issue_templates/Geo Replicate a new blob type.md @@ -358,7 +358,7 @@ That's all of the required database changes. ``` - [ ] Update `REGISTRY_CLASSES` in `ee/app/workers/geo/secondary/registry_consistency_worker.rb`. -- [ ] Add a custom factory name if needed in `def model_class_factory_name` in `ee/spec/services/geo/registry_consistency_service_spec.rb`. +- [ ] Add a custom factory name if needed in `def model_class_factory_name` in `ee/spec/support/helpers/ee/geo_helpers.rb`. - [ ] Update `it 'creates missing registries for each registry class'` in `ee/spec/workers/geo/secondary/registry_consistency_worker_spec.rb`. - [ ] Add `cool_widget_registry` to `ActiveSupport::Inflector.inflections` in `config/initializers_before_autoloader/000_inflections.rb`. - [ ] Create `ee/spec/factories/geo/cool_widget_registry.rb`: @@ -503,11 +503,6 @@ Metrics are gathered by `Geo::MetricsUpdateWorker`, persisted in `GeoNodeStatus` - `geo_cool_widgets_verification_total` - `geo_cool_widgets_verified` - `geo_cool_widgets_verification_failed` -- [ ] Add the following to the parameterized table in the `context 'Replicator stats' do` block in `ee/spec/models/geo_node_status_spec.rb`: - - ```ruby - Geo::CoolWidgetReplicator | :cool_widget | :geo_cool_widget_registry - ``` Cool Widget replication and verification metrics should now be available in the API, the `Admin > Geo > Nodes` view, and Prometheus. diff --git a/.rubocop_todo/layout/hash_alignment.yml b/.rubocop_todo/layout/hash_alignment.yml index 94cba6f59bf..bb901088545 100644 --- a/.rubocop_todo/layout/hash_alignment.yml +++ b/.rubocop_todo/layout/hash_alignment.yml @@ -208,27 +208,6 @@ Layout/HashAlignment: - 'ee/spec/support/shared_examples/status_page/publish_shared_examples.rb' - 'ee/spec/support/shared_examples/status_page/reference_links_examples.rb' - 'ee/spec/workers/scan_security_report_secrets_worker_spec.rb' - - 'lib/api/applications.rb' - - 'lib/api/broadcast_messages.rb' - - 'lib/api/bulk_imports.rb' - - 'lib/api/ci/job_artifacts.rb' - - 'lib/api/ci/jobs.rb' - - 'lib/api/ci/pipelines.rb' - - 'lib/api/ci/runner.rb' - - 'lib/api/ci/runners.rb' - - 'lib/api/concerns/packages/debian_distribution_endpoints.rb' - - 'lib/api/debian_project_packages.rb' - - 'lib/api/deploy_tokens.rb' - - 'lib/api/entities/project.rb' - - 'lib/api/feature_flags.rb' - - 'lib/api/features.rb' - - 'lib/api/group_labels.rb' - - 'lib/api/group_packages.rb' - - 'lib/api/groups.rb' - - 'lib/api/helm_packages.rb' - - 'lib/api/helpers/groups_helpers.rb' - - 'lib/api/helpers/merge_requests_helpers.rb' - - 'lib/api/helpers/snippets_helpers.rb' - 'lib/api/issue_links.rb' - 'lib/api/issues.rb' - 'lib/api/labels.rb' diff --git a/app/models/project.rb b/app/models/project.rb index 23e10a00e59..b0eb273e526 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -2259,6 +2259,7 @@ class Project < ApplicationRecord .concat(dependency_proxy_variables) .concat(auto_devops_variables) .concat(api_variables) + .concat(ci_template_variables) end end @@ -2312,6 +2313,12 @@ class Project < ApplicationRecord end end + def ci_template_variables + Gitlab::Ci::Variables::Collection.new.tap do |variables| + variables.append(key: 'CI_TEMPLATE_REGISTRY_HOST', value: 'registry.gitlab.com') + end + end + def dependency_proxy_variables Gitlab::Ci::Variables::Collection.new.tap do |variables| break variables unless Gitlab.config.dependency_proxy.enabled diff --git a/app/services/groups/import_export/export_service.rb b/app/services/groups/import_export/export_service.rb index 2bfd5a5ebab..bd54b48c5f4 100644 --- a/app/services/groups/import_export/export_service.rb +++ b/app/services/groups/import_export/export_service.rb @@ -49,13 +49,23 @@ module Groups # We cannot include the file_saver with the other savers because # it removes the tmp dir. This means that if we want to add new savers # in EE the data won't be available. - if savers.all?(&:save) && file_saver.save + if save_exporters && file_saver.save notify_success else notify_error! end end + def save_exporters + log_info('Group export started') + + savers.all? do |exporter| + log_info("#{exporter.class.name} saver started") + + exporter.save + end + end + def savers [version_saver, tree_exporter] end @@ -99,12 +109,16 @@ module Groups raise Gitlab::ImportExport::Error, shared.errors.to_sentence end - def notify_success + def log_info(message) @logger.info( - message: 'Group Export succeeded', + message: message, group_id: group.id, group_name: group.name ) + end + + def notify_success + log_info('Group Export succeeded') notification_service.group_was_exported(group, current_user) end diff --git a/app/services/projects/import_export/export_service.rb b/app/services/projects/import_export/export_service.rb index d8d35422590..fb791115c5b 100644 --- a/app/services/projects/import_export/export_service.rb +++ b/app/services/projects/import_export/export_service.rb @@ -54,15 +54,21 @@ module Projects end def save_all! + log_info('Project export started') + if save_exporters && save_export_archive - notify_success + log_info('Project successfully exported') else notify_error! end end def save_exporters - exporters.all?(&:save) + exporters.all? do |exporter| + log_info("#{exporter.class.name} saver started") + + exporter.save + end end def save_export_archive @@ -127,11 +133,10 @@ module Projects raise Gitlab::ImportExport::Error, shared.errors.to_sentence end - def notify_success + def log_info(message) logger.info( - message: 'Project successfully exported', - project_name: project.name, - project_id: project.id + message: message, + **log_base_data ) end @@ -139,8 +144,7 @@ module Projects logger.error( message: 'Project export error', export_errors: shared.errors.join(', '), - project_name: project.name, - project_id: project.id + **log_base_data ) user = current_user @@ -150,6 +154,10 @@ module Projects NotificationService.new.project_not_exported(project, user, errors) end end + + def log_base_data + @log_base_data ||= Gitlab::ImportExport::LogUtil.exportable_to_log_payload(project) + end end end end diff --git a/doc/user/profile/account/two_factor_authentication.md b/doc/user/profile/account/two_factor_authentication.md index e1131d47276..155da719300 100644 --- a/doc/user/profile/account/two_factor_authentication.md +++ b/doc/user/profile/account/two_factor_authentication.md @@ -355,8 +355,7 @@ After you use a recovery code, you cannot re-use it. You can still use the other ### Generate new recovery codes using SSH -Users often forget to save their recovery codes when enabling 2FA. If you added an SSH key to your -GitLab account, you can generate a new set of recovery codes with SSH: +If you forget to save your recovery codes when enabling 2FA, and you added an SSH key to your GitLab account, you can generate a new set of recovery codes with SSH: 1. In a terminal, run: diff --git a/lib/api/applications.rb b/lib/api/applications.rb index 346bd6ccfe4..70488621f33 100644 --- a/lib/api/applications.rb +++ b/lib/api/applications.rb @@ -17,8 +17,10 @@ module API requires :redirect_uri, type: String, desc: 'Application redirect URI' requires :scopes, type: String, desc: 'Application scopes', allow_blank: false - optional :confidential, type: Boolean, default: true, - desc: 'Application will be used where the client secret is confidential' + optional :confidential, + type: Boolean, + default: true, + desc: 'Application will be used where the client secret is confidential' end post do application = Doorkeeper::Application.new(declared_params) diff --git a/lib/api/broadcast_messages.rb b/lib/api/broadcast_messages.rb index e818cad0d03..6af7c3b4804 100644 --- a/lib/api/broadcast_messages.rb +++ b/lib/api/broadcast_messages.rb @@ -37,8 +37,11 @@ module API optional :ends_at, type: DateTime, desc: 'Ending time', default: -> { 1.hour.from_now } optional :color, type: String, desc: 'Background color' optional :font, type: String, desc: 'Foreground color' - optional :target_access_levels, type: Array[Integer], coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce, - values: BroadcastMessage::ALLOWED_TARGET_ACCESS_LEVELS, desc: 'Target user roles' + optional :target_access_levels, + type: Array[Integer], + coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce, + values: BroadcastMessage::ALLOWED_TARGET_ACCESS_LEVELS, + desc: 'Target user roles' optional :target_path, type: String, desc: 'Target path' optional :broadcast_type, type: String, values: BroadcastMessage.broadcast_types.keys, desc: 'Broadcast type. Defaults to banner', default: -> { 'banner' } optional :dismissable, type: Boolean, desc: 'Is dismissable' @@ -79,8 +82,11 @@ module API optional :ends_at, type: DateTime, desc: 'Ending time' optional :color, type: String, desc: 'Background color' optional :font, type: String, desc: 'Foreground color' - optional :target_access_levels, type: Array[Integer], coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce, - values: BroadcastMessage::ALLOWED_TARGET_ACCESS_LEVELS, desc: 'Target user roles' + optional :target_access_levels, + type: Array[Integer], + coerce_with: Validations::Types::CommaSeparatedToIntegerArray.coerce, + values: BroadcastMessage::ALLOWED_TARGET_ACCESS_LEVELS, + desc: 'Target user roles' optional :target_path, type: String, desc: 'Target path' optional :broadcast_type, type: String, values: BroadcastMessage.broadcast_types.keys, desc: 'Broadcast Type' optional :dismissable, type: Boolean, desc: 'Is dismissable' diff --git a/lib/api/bulk_imports.rb b/lib/api/bulk_imports.rb index bbc720150b9..2c6adc0f37b 100644 --- a/lib/api/bulk_imports.rb +++ b/lib/api/bulk_imports.rb @@ -44,12 +44,15 @@ module API requires :access_token, type: String, desc: 'Access token to the source GitLab instance' end requires :entities, type: Array, desc: 'List of entities to import' do - requires :source_type, type: String, desc: 'Source entity type (only `group_entity` is supported)', + requires :source_type, + type: String, + desc: 'Source entity type (only `group_entity` is supported)', values: %w[group_entity] requires :source_full_path, type: String, desc: 'Source full path of the entity to import' requires :destination_namespace, type: String, desc: 'Destination namespace for the entity' optional :destination_slug, type: String, desc: 'Destination slug for the entity' - optional :destination_name, type: String, + optional :destination_name, + type: String, desc: 'Deprecated: Use :destination_slug instead. Destination slug for the entity' mutually_exclusive :destination_slug, :destination_name @@ -84,9 +87,9 @@ module API params do use :pagination optional :sort, type: String, values: %w[asc desc], default: 'desc', - desc: 'Return GitLab Migrations sorted in created by `asc` or `desc` order.' + desc: 'Return GitLab Migrations sorted in created by `asc` or `desc` order.' optional :status, type: String, values: BulkImport.all_human_statuses, - desc: 'Return GitLab Migrations with specified status' + desc: 'Return GitLab Migrations with specified status' end get do present paginate(bulk_imports), with: Entities::BulkImport @@ -98,9 +101,9 @@ module API params do use :pagination optional :sort, type: String, values: %w[asc desc], default: 'desc', - desc: 'Return GitLab Migrations sorted in created by `asc` or `desc` order.' + desc: 'Return GitLab Migrations sorted in created by `asc` or `desc` order.' optional :status, type: String, values: ::BulkImports::Entity.all_human_statuses, - desc: "Return all GitLab Migrations' entities with specified status" + desc: "Return all GitLab Migrations' entities with specified status" end get :entities do entities = ::BulkImports::EntitiesFinder.new( @@ -127,7 +130,7 @@ module API params do requires :import_id, type: Integer, desc: "The ID of user's GitLab Migration" optional :status, type: String, values: ::BulkImports::Entity.all_human_statuses, - desc: 'Return import entities with specified status' + desc: 'Return import entities with specified status' use :pagination end get ':import_id/entities' do diff --git a/lib/api/ci/job_artifacts.rb b/lib/api/ci/job_artifacts.rb index 8b332f96be0..b843404e9d7 100644 --- a/lib/api/ci/job_artifacts.rb +++ b/lib/api/ci/job_artifacts.rb @@ -30,15 +30,16 @@ module API requires :job, type: String, desc: 'The name for the job' end route_setting :authentication, job_token_allowed: true - get ':id/jobs/artifacts/:ref_name/download', urgency: :low, - requirements: { ref_name: /.+/ } do - authorize_download_artifacts! + get ':id/jobs/artifacts/:ref_name/download', + urgency: :low, + requirements: { ref_name: /.+/ } do + authorize_download_artifacts! - latest_build = user_project.latest_successful_build_for_ref!(params[:job], params[:ref_name]) - authorize_read_job_artifacts!(latest_build) + latest_build = user_project.latest_successful_build_for_ref!(params[:job], params[:ref_name]) + authorize_read_job_artifacts!(latest_build) - present_artifacts_file!(latest_build.artifacts_file) - end + present_artifacts_file!(latest_build.artifacts_file) + end desc 'Download a specific file from artifacts archive from a ref' do detail 'This feature was introduced in GitLab 11.5' @@ -49,21 +50,22 @@ module API requires :artifact_path, type: String, desc: 'Artifact path' end route_setting :authentication, job_token_allowed: true - get ':id/jobs/artifacts/:ref_name/raw/*artifact_path', urgency: :low, - format: false, - requirements: { ref_name: /.+/ } do - authorize_download_artifacts! + get ':id/jobs/artifacts/:ref_name/raw/*artifact_path', + urgency: :low, + format: false, + requirements: { ref_name: /.+/ } do + authorize_download_artifacts! - build = user_project.latest_successful_build_for_ref!(params[:job], params[:ref_name]) - authorize_read_job_artifacts!(build) + build = user_project.latest_successful_build_for_ref!(params[:job], params[:ref_name]) + authorize_read_job_artifacts!(build) - path = Gitlab::Ci::Build::Artifacts::Path - .new(params[:artifact_path]) + path = Gitlab::Ci::Build::Artifacts::Path + .new(params[:artifact_path]) - bad_request! unless path.valid? + bad_request! unless path.valid? - send_artifacts_entry(build.artifacts_file, path) - end + send_artifacts_entry(build.artifacts_file, path) + end desc 'Download the artifacts archive from a job' do detail 'This feature was introduced in GitLab 8.5' diff --git a/lib/api/ci/jobs.rb b/lib/api/ci/jobs.rb index 97471d3c96e..cd5f1f77ced 100644 --- a/lib/api/ci/jobs.rb +++ b/lib/api/ci/jobs.rb @@ -152,8 +152,8 @@ module API end params do requires :job_id, type: Integer, desc: 'The ID of a Job' - optional :job_variables_attributes, type: Array, - desc: 'User defined variables that will be included when running the job' do + optional :job_variables_attributes, + type: Array, desc: 'User defined variables that will be included when running the job' do requires :key, type: String, desc: 'The name of the variable' requires :value, type: String, desc: 'The value of the variable' end diff --git a/lib/api/ci/pipelines.rb b/lib/api/ci/pipelines.rb index cd686a28dd2..72a81330e71 100644 --- a/lib/api/ci/pipelines.rb +++ b/lib/api/ci/pipelines.rb @@ -21,17 +21,17 @@ module API helpers do params :optional_scope do optional :scope, types: [String, Array[String]], desc: 'The scope of builds to show', - values: ::CommitStatus::AVAILABLE_STATUSES, - coerce_with: ->(scope) { - case scope - when String - [scope] - when ::Array - scope - else - ['unknown'] - end - } + values: ::CommitStatus::AVAILABLE_STATUSES, + coerce_with: ->(scope) { + case scope + when String + [scope] + when ::Array + scope + else + ['unknown'] + end + } end end diff --git a/lib/api/ci/runner.rb b/lib/api/ci/runner.rb index b152d46d34e..9e4a700d0f3 100644 --- a/lib/api/ci/runner.rb +++ b/lib/api/ci/runner.rb @@ -256,7 +256,7 @@ module API optional :filesize, type: Integer, desc: %q(Artifacts filesize) optional :artifact_type, type: String, desc: %q(The type of artifact), - default: 'archive', values: ::Ci::JobArtifact.file_types.keys + default: 'archive', values: ::Ci::JobArtifact.file_types.keys end post '/:id/artifacts/authorize', feature_category: :build_artifacts, urgency: :low do not_allowed! unless Gitlab.config.artifacts.enabled @@ -289,9 +289,9 @@ module API optional :token, type: String, desc: %q(Job's authentication token) optional :expire_in, type: String, desc: %q(Specify when artifacts should expire) optional :artifact_type, type: String, desc: %q(The type of artifact), - default: 'archive', values: ::Ci::JobArtifact.file_types.keys + default: 'archive', values: ::Ci::JobArtifact.file_types.keys optional :artifact_format, type: String, desc: %q(The format of artifact), - default: 'zip', values: ::Ci::JobArtifact.file_formats.keys + default: 'zip', values: ::Ci::JobArtifact.file_formats.keys optional :metadata, type: ::API::Validations::Types::WorkhorseFile, desc: %(The artifact metadata to store (generated by Multipart middleware)) end post '/:id/artifacts', feature_category: :build_artifacts, urgency: :low do diff --git a/lib/api/ci/runners.rb b/lib/api/ci/runners.rb index d64c2925934..ec9b09a3419 100644 --- a/lib/api/ci/runners.rb +++ b/lib/api/ci/runners.rb @@ -16,7 +16,7 @@ module API end params do optional :scope, type: String, values: ::Ci::Runner::AVAILABLE_STATUSES, - desc: 'The scope of specific runners to show' + desc: 'The scope of specific runners to show' optional :type, type: String, values: ::Ci::Runner::AVAILABLE_TYPES, desc: 'The type of the runners to show' optional :paused, type: Boolean, desc: 'Whether to include only runners that are accepting or ignoring new jobs' @@ -38,7 +38,7 @@ module API end params do optional :scope, type: String, values: ::Ci::Runner::AVAILABLE_SCOPES, - desc: 'The scope of specific runners to show' + desc: 'The scope of specific runners to show' optional :type, type: String, values: ::Ci::Runner::AVAILABLE_TYPES, desc: 'The type of the runners to show' optional :paused, type: Boolean, desc: 'Whether to include only runners that are accepting or ignoring new jobs' @@ -159,7 +159,7 @@ module API end params do optional :scope, type: String, values: ::Ci::Runner::AVAILABLE_SCOPES, - desc: 'The scope of specific runners to show' + desc: 'The scope of specific runners to show' optional :type, type: String, values: ::Ci::Runner::AVAILABLE_TYPES, desc: 'The type of the runners to show' optional :paused, type: Boolean, desc: 'Whether to include only runners that are accepting or ignoring new jobs' @@ -225,10 +225,10 @@ module API end params do optional :type, type: String, values: ::Ci::Runner::AVAILABLE_TYPES, - desc: 'The type of the runners to show' + desc: 'The type of the runners to show' optional :paused, type: Boolean, desc: 'Whether to include only runners that are accepting or ignoring new jobs' optional :status, type: String, values: ::Ci::Runner::AVAILABLE_STATUSES, - desc: 'The status of the runners to show' + desc: 'The status of the runners to show' optional :tag_list, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, desc: 'The tags of the runners to show' use :pagination end diff --git a/lib/api/concerns/packages/debian_distribution_endpoints.rb b/lib/api/concerns/packages/debian_distribution_endpoints.rb index e01f3adbb06..380966136df 100644 --- a/lib/api/concerns/packages/debian_distribution_endpoints.rb +++ b/lib/api/concerns/packages/debian_distribution_endpoints.rb @@ -33,13 +33,13 @@ module API optional :valid_time_duration_seconds, type: Integer, desc: 'The duration before the Release file should be considered expired by the client' optional :components, type: Array[String], - coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, - regexp: Gitlab::Regex.debian_component_regex, - desc: 'The list of Components' + coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, + regexp: Gitlab::Regex.debian_component_regex, + desc: 'The list of Components' optional :architectures, type: Array[String], - coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, - regexp: Gitlab::Regex.debian_architecture_regex, - desc: 'The list of Architectures' + coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, + regexp: Gitlab::Regex.debian_architecture_regex, + desc: 'The list of Architectures' end end diff --git a/lib/api/debian_project_packages.rb b/lib/api/debian_project_packages.rb index ca576254c3d..06846d8f36e 100644 --- a/lib/api/debian_project_packages.rb +++ b/lib/api/debian_project_packages.rb @@ -73,10 +73,10 @@ module API bad_request!('File is too large') if authorized_user_project.actual_limits.exceeded?(:debian_max_file_size, params[:file].size) file_params = { - file: params['file'], - file_name: params['file_name'], - file_sha1: params['file.sha1'], - file_md5: params['file.md5'] + file: params['file'], + file_name: params['file_name'], + file_sha1: params['file.sha1'], + file_md5: params['file.md5'] } package = ::Packages::Debian::FindOrCreateIncomingService.new(authorized_user_project, current_user).execute diff --git a/lib/api/deploy_tokens.rb b/lib/api/deploy_tokens.rb index 3e0411d2e91..3955e29621f 100644 --- a/lib/api/deploy_tokens.rb +++ b/lib/api/deploy_tokens.rb @@ -71,8 +71,11 @@ module API params do requires :name, type: String, desc: "New deploy token's name" - requires :scopes, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s), - desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".' + requires :scopes, + type: Array[String], + coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, + values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s), + desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".' optional :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.' optional :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`' end @@ -152,8 +155,11 @@ module API params do requires :name, type: String, desc: 'The name of the deploy token' - requires :scopes, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s), - desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".' + requires :scopes, + type: Array[String], + coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, + values: ::DeployToken::AVAILABLE_SCOPES.map(&:to_s), + desc: 'Indicates the deploy token scopes. Must be at least one of "read_repository", "read_registry", "write_registry", "read_package_registry", or "write_package_registry".' optional :expires_at, type: DateTime, desc: 'Expiration date for the deploy token. Does not expire if no value is provided.' optional :username, type: String, desc: 'Username for deploy token. Default is `gitlab+deploy-token-{n}`' end diff --git a/lib/api/deployments.rb b/lib/api/deployments.rb index aa1e6bbc952..ee0a026d7ac 100644 --- a/lib/api/deployments.rb +++ b/lib/api/deployments.rb @@ -156,7 +156,11 @@ module API authorize!(:destroy_deployment, deployment) destroy_conditionally!(deployment) do - ::Ci::Deployments::DestroyService.new(user_project, current_user).execute(deployment) + result = ::Ci::Deployments::DestroyService.new(user_project, current_user).execute(deployment) + + if result[:status] == :error + render_api_error!(result[:message], result[:http_status] || 400) + end end end diff --git a/lib/api/entities/project.rb b/lib/api/entities/project.rb index 9b7aab89260..1739bdd639e 100644 --- a/lib/api/entities/project.rb +++ b/lib/api/entities/project.rb @@ -47,8 +47,9 @@ module API expose :visibility expose :owner, using: Entities::UserBasic, unless: ->(project, options) { project.group } expose :resolve_outdated_diff_discussions - expose :container_expiration_policy, using: Entities::ContainerExpirationPolicy, - if: -> (project, _) { project.container_expiration_policy } + expose :container_expiration_policy, + using: Entities::ContainerExpirationPolicy, + if: -> (project, _) { project.container_expiration_policy } # Expose old field names with the new permissions methods to keep API compatible # TODO: remove in API v5, replaced by *_access_level diff --git a/lib/api/feature_flags.rb b/lib/api/feature_flags.rb index 42050888c14..67e96284449 100644 --- a/lib/api/feature_flags.rb +++ b/lib/api/feature_flags.rb @@ -24,8 +24,10 @@ module API success ::API::Entities::FeatureFlag end params do - optional :scope, type: String, desc: 'The scope of feature flags', - values: %w[enabled disabled] + optional :scope, + type: String, + desc: 'The scope of feature flags', + values: %w[enabled disabled] use :pagination end get do diff --git a/lib/api/features.rb b/lib/api/features.rb index 13a6aedc2df..f89da48acea 100644 --- a/lib/api/features.rb +++ b/lib/api/features.rb @@ -69,11 +69,14 @@ module API optional :key, type: String, desc: '`percentage_of_actors` or the default `percentage_of_time`' optional :feature_group, type: String, desc: 'A Feature group name' optional :user, type: String, desc: 'A GitLab username or comma-separated multiple usernames' - optional :group, type: String, + optional :group, + type: String, desc: "A GitLab group's path, such as 'gitlab-org', or comma-separated multiple group paths" - optional :namespace, type: String, + optional :namespace, + type: String, desc: "A GitLab group or user namespace path, such as 'john-doe', or comma-separated multiple namespace paths" - optional :project, type: String, + optional :project, + type: String, desc: "A projects path, such as `gitlab-org/gitlab-ce`, or comma-separated multiple project paths" optional :force, type: Boolean, desc: 'Skip feature flag validation checks, ie. YAML definition' diff --git a/lib/api/group_labels.rb b/lib/api/group_labels.rb index e4cbe442f58..a8c48a6f4fe 100644 --- a/lib/api/group_labels.rb +++ b/lib/api/group_labels.rb @@ -19,15 +19,24 @@ module API success Entities::GroupLabel end params do - optional :with_counts, type: Boolean, default: false, + optional :with_counts, + type: Boolean, + default: false, desc: 'Include issue and merge request counts' - optional :include_ancestor_groups, type: Boolean, default: true, + optional :include_ancestor_groups, + type: Boolean, + default: true, desc: 'Include ancestor groups' - optional :include_descendant_groups, type: Boolean, default: false, + optional :include_descendant_groups, + type: Boolean, + default: false, desc: 'Include descendant groups. This feature was added in GitLab 13.6' - optional :only_group_labels, type: Boolean, default: true, + optional :only_group_labels, + type: Boolean, + default: true, desc: 'Toggle to include only group labels or also project labels. This feature was added in GitLab 13.6' - optional :search, type: String, + optional :search, + type: String, desc: 'Keyword to filter labels by. This feature was added in GitLab 13.6' use :pagination end @@ -40,11 +49,17 @@ module API success Entities::GroupLabel end params do - optional :include_ancestor_groups, type: Boolean, default: true, + optional :include_ancestor_groups, + type: Boolean, + default: true, desc: 'Include ancestor groups' - optional :include_descendant_groups, type: Boolean, default: false, + optional :include_descendant_groups, + type: Boolean, + default: false, desc: 'Include descendant groups. This feature was added in GitLab 13.6' - optional :only_group_labels, type: Boolean, default: true, + optional :only_group_labels, + type: Boolean, + default: true, desc: 'Toggle to include only group labels or also project labels. This feature was added in GitLab 13.6' end get ':id/labels/:name' do diff --git a/lib/api/group_packages.rb b/lib/api/group_packages.rb index af6e2b1e422..72d67b41c31 100644 --- a/lib/api/group_packages.rb +++ b/lib/api/group_packages.rb @@ -24,17 +24,29 @@ module API end params do use :pagination - optional :order_by, type: String, values: %w[created_at name version type project_path], default: 'created_at', - desc: 'Return packages ordered by `created_at`, `name`, `version` or `type` fields.' - optional :sort, type: String, values: %w[asc desc], default: 'asc', - desc: 'Return packages sorted in `asc` or `desc` order.' - optional :package_type, type: String, values: Packages::Package.package_types.keys, - desc: 'Return packages of a certain type' - optional :package_name, type: String, - desc: 'Return packages with this name' - optional :include_versionless, type: Boolean, - desc: 'Returns packages without a version' - optional :status, type: String, values: Packages::Package.statuses.keys, + optional :order_by, + type: String, + values: %w[created_at name version type project_path], + default: 'created_at', + desc: 'Return packages ordered by `created_at`, `name`, `version` or `type` fields.' + optional :sort, + type: String, + values: %w[asc desc], + default: 'asc', + desc: 'Return packages sorted in `asc` or `desc` order.' + optional :package_type, + type: String, + values: Packages::Package.package_types.keys, + desc: 'Return packages of a certain type' + optional :package_name, + type: String, + desc: 'Return packages with this name' + optional :include_versionless, + type: Boolean, + desc: 'Returns packages without a version' + optional :status, + type: String, + values: Packages::Package.statuses.keys, desc: 'Return packages with specified status' end get ':id/packages' do diff --git a/lib/api/groups.rb b/lib/api/groups.rb index b63396ed073..82bbab5d7d4 100644 --- a/lib/api/groups.rb +++ b/lib/api/groups.rb @@ -394,9 +394,10 @@ module API desc 'Transfer a group to a new parent group or promote a subgroup to a root group' params do - optional :group_id, type: Integer, - desc: 'The ID of the target group to which the group needs to be transferred to.'\ - 'If not provided, the source group will be promoted to a root group.' + optional :group_id, + type: Integer, + desc: 'The ID of the target group to which the group needs to be transferred to.'\ + 'If not provided, the source group will be promoted to a root group.' end post ':id/transfer', feature_category: :subgroups do group = find_group!(params[:id]) diff --git a/lib/api/helm_packages.rb b/lib/api/helm_packages.rb index e0e4e02fa55..a1b265bc8f3 100644 --- a/lib/api/helm_packages.rb +++ b/lib/api/helm_packages.rb @@ -100,7 +100,7 @@ module API ).execute(:helm, name: ::Packages::Helm::TEMPORARY_PACKAGE_NAME) chart_params = { - file: params[:chart], + file: params[:chart], file_name: PACKAGE_FILENAME } diff --git a/lib/api/helpers/groups_helpers.rb b/lib/api/helpers/groups_helpers.rb index 72bdb32d38c..2b10eebb009 100644 --- a/lib/api/helpers/groups_helpers.rb +++ b/lib/api/helpers/groups_helpers.rb @@ -9,8 +9,8 @@ module API params :optional_params_ce do optional :description, type: String, desc: 'The description of the group' optional :visibility, type: String, - values: Gitlab::VisibilityLevel.string_values, - desc: 'The visibility of the group' + values: Gitlab::VisibilityLevel.string_values, + desc: 'The visibility of the group' # TODO: remove rubocop disable - https://gitlab.com/gitlab-org/gitlab/issues/14960 optional :avatar, type: File, desc: 'Avatar image for the group' # rubocop:disable Scalability/FileUploads optional :share_with_group_lock, type: Boolean, desc: 'Prevent sharing a project with another group within this group' diff --git a/lib/api/helpers/merge_requests_helpers.rb b/lib/api/helpers/merge_requests_helpers.rb index 00d9f49adf0..7c6ef1ddfe2 100644 --- a/lib/api/helpers/merge_requests_helpers.rb +++ b/lib/api/helpers/merge_requests_helpers.rb @@ -17,7 +17,9 @@ module API types: [Integer, String], integer_none_any: true, desc: 'Return merge requests which are assigned to the user with the given ID' - optional :assignee_username, type: Array[String], check_assignees_count: true, + optional :assignee_username, + type: Array[String], + check_assignees_count: true, coerce_with: Validations::Validators::CheckAssigneesCount.coerce, desc: 'Return merge requests which are assigned to the user with the given username' mutually_exclusive :assignee_id, :assignee_username diff --git a/lib/api/helpers/snippets_helpers.rb b/lib/api/helpers/snippets_helpers.rb index 2d8c761101a..fe20fb3cbe2 100644 --- a/lib/api/helpers/snippets_helpers.rb +++ b/lib/api/helpers/snippets_helpers.rb @@ -29,9 +29,10 @@ module API params :update_file_params do |options| optional :files, type: Array, desc: 'An array of files to update' do - requires :action, type: String, - values: SnippetInputAction::ACTIONS.map(&:to_s), - desc: "The type of action to perform on the file, must be one of: #{SnippetInputAction::ACTIONS.join(", ")}" + requires :action, + type: String, + values: SnippetInputAction::ACTIONS.map(&:to_s), + desc: "The type of action to perform on the file, must be one of: #{SnippetInputAction::ACTIONS.join(", ")}" optional :content, type: String, desc: 'The content of a snippet' optional :file_path, file_path: true, type: String, desc: 'The file path of a snippet file' optional :previous_path, file_path: true, type: String, desc: 'The previous path of a snippet file' diff --git a/lib/gitlab/ci/templates/5-Minute-Production-App.gitlab-ci.yml b/lib/gitlab/ci/templates/5-Minute-Production-App.gitlab-ci.yml index 19d7f49aac0..bb88bee9137 100644 --- a/lib/gitlab/ci/templates/5-Minute-Production-App.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/5-Minute-Production-App.gitlab-ci.yml @@ -26,7 +26,6 @@ variables: TF_VAR_SERVICE_DESK_EMAIL: incoming+${CI_PROJECT_PATH_SLUG}-${CI_PROJECT_ID}-issue-@incoming.gitlab.com TF_VAR_SHORT_ENVIRONMENT_NAME: ${CI_PROJECT_ID}-${CI_COMMIT_REF_SLUG} TF_VAR_SMTP_FROM: ${SMTP_FROM} - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' cache: paths: @@ -40,7 +39,7 @@ cache: terraform_apply: stage: provision - image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable" + image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable" extends: .needs_aws_vars resource_group: terraform before_script: @@ -54,7 +53,7 @@ terraform_apply: deploy: stage: deploy - image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable" + image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable" extends: .needs_aws_vars resource_group: deploy before_script: @@ -75,7 +74,7 @@ terraform_destroy: variables: GIT_STRATEGY: none stage: destroy - image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable" + image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/5-minute-production-app/deploy-template/stable" before_script: - cp /*.tf . - cp /deploy.sh . diff --git a/lib/gitlab/ci/templates/Indeni.Cloudrail.gitlab-ci.yml b/lib/gitlab/ci/templates/Indeni.Cloudrail.gitlab-ci.yml index a4fdd18aa40..34988fcdcde 100644 --- a/lib/gitlab/ci/templates/Indeni.Cloudrail.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Indeni.Cloudrail.gitlab-ci.yml @@ -24,7 +24,6 @@ variables: TEST_ROOT: ${CI_PROJECT_DIR}/my_folder_with_terraform_content - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' default: before_script: @@ -32,7 +31,7 @@ default: init_and_plan: stage: build - image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/0.13" + image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/0.13" rules: - if: $SAST_DISABLED when: never diff --git a/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml index 11447a36045..ce227bad19a 100644 --- a/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml @@ -1,10 +1,9 @@ variables: AUTO_BUILD_IMAGE_VERSION: 'v1.14.0' - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' build: stage: build - image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-build-image:${AUTO_BUILD_IMAGE_VERSION}' + image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-build-image:${AUTO_BUILD_IMAGE_VERSION}' variables: DOCKER_TLS_CERTDIR: '' services: diff --git a/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml index 11447a36045..ce227bad19a 100644 --- a/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml @@ -1,10 +1,9 @@ variables: AUTO_BUILD_IMAGE_VERSION: 'v1.14.0' - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' build: stage: build - image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-build-image:${AUTO_BUILD_IMAGE_VERSION}' + image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-build-image:${AUTO_BUILD_IMAGE_VERSION}' variables: DOCKER_TLS_CERTDIR: '' services: diff --git a/lib/gitlab/ci/templates/Jobs/CF-Provision.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/CF-Provision.gitlab-ci.yml index b5efcb7bba3..6e8cf15204a 100644 --- a/lib/gitlab/ci/templates/Jobs/CF-Provision.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/CF-Provision.gitlab-ci.yml @@ -1,11 +1,8 @@ -variables: - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - stages: - provision cloud_formation: - image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-cloudformation:latest' + image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-cloudformation:latest' stage: provision script: - gl-cloudformation create-stack diff --git a/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml index dc46be4257f..e278539d214 100644 --- a/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml @@ -8,8 +8,7 @@ code_quality: variables: DOCKER_DRIVER: overlay2 DOCKER_TLS_CERTDIR: "" - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - CODE_QUALITY_IMAGE: "$TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/codequality:0.85.29" + CODE_QUALITY_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/codequality:0.85.29" needs: [] script: - export SOURCE_CODE=$PWD diff --git a/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml index a4baca12f59..f0ddc4b4916 100644 --- a/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml @@ -1,9 +1,8 @@ variables: DAST_AUTO_DEPLOY_IMAGE_VERSION: 'v2.33.0' - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' .dast-auto-deploy: - image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${DAST_AUTO_DEPLOY_IMAGE_VERSION}" + image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${DAST_AUTO_DEPLOY_IMAGE_VERSION}" .common_rules: &common_rules - if: $CI_DEFAULT_BRANCH != $CI_COMMIT_REF_NAME @@ -58,7 +57,7 @@ stop_dast_environment: when: always .ecs_image: - image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ecs:latest' + image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ecs:latest' .ecs_rules: &ecs_rules - if: $AUTO_DEVOPS_PLATFORM_TARGET != "ECS" diff --git a/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml index 822995fa8b6..7cbc8e40b47 100644 --- a/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml @@ -11,8 +11,7 @@ variables: # Setting this variable will affect all Security templates # (SAST, Dependency Scanning, ...) - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products" + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" DS_EXCLUDED_ANALYZERS: "" DS_EXCLUDED_PATHS: "spec, test, tests, tmp" DS_MAJOR_VERSION: 3 diff --git a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml index d4e1539ae39..1a2a8b4edb4 100644 --- a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml @@ -1,9 +1,8 @@ variables: AUTO_DEPLOY_IMAGE_VERSION: 'v2.33.0' - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' .auto-deploy: - image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}" + image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}" dependencies: [] review: diff --git a/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml index 591ef49d146..cb8818357a2 100644 --- a/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml @@ -1,9 +1,8 @@ variables: AUTO_DEPLOY_IMAGE_VERSION: 'v2.33.0' - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' .auto-deploy: - image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}" + image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}" dependencies: [] review: diff --git a/lib/gitlab/ci/templates/Jobs/Deploy/EC2.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy/EC2.gitlab-ci.yml index c5ae7d406ee..8a349f751ea 100644 --- a/lib/gitlab/ci/templates/Jobs/Deploy/EC2.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Deploy/EC2.gitlab-ci.yml @@ -1,12 +1,9 @@ -variables: - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - stages: - review - production .push-and-deploy: - image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ec2:latest' + image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ec2:latest' script: - gl-ec2 push-to-s3 - gl-ec2 deploy-to-ec2 diff --git a/lib/gitlab/ci/templates/Jobs/Deploy/ECS.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy/ECS.gitlab-ci.yml index 4cdd54dcc2f..43dc44312da 100644 --- a/lib/gitlab/ci/templates/Jobs/Deploy/ECS.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Deploy/ECS.gitlab-ci.yml @@ -7,11 +7,8 @@ # then result in potentially breaking your future pipelines. # # More about including CI templates: https://docs.gitlab.com/ee/ci/yaml/#includetemplate -variables: - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - .ecs_image: - image: '${TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ecs:latest' + image: '${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cloud-deploy/aws-ecs:latest' .deploy_to_ecs: extends: .ecs_image diff --git a/lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml index 9940dab3989..b7735068680 100644 --- a/lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Helm-2to3.gitlab-ci.yml @@ -3,11 +3,8 @@ # # To use, set the CI variable MIGRATE_HELM_2TO3 to "true". # For more details, go to https://docs.gitlab.com/ee/topics/autodevops/upgrading_auto_deploy_dependencies.html#helm-v3 -variables: - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - .helm-2to3-migrate: - image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/helm-install-image/releases/helm-2to3-2.17.0-3.5.3-kube-1.16.15-alpine-3.12" + image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/helm-install-image/releases/helm-2to3-2.17.0-3.5.3-kube-1.16.15-alpine-3.12" # NOTE: We use the deploy stage because: # - It exists in all versions of Auto DevOps. # - It is _empty_. @@ -56,7 +53,7 @@ variables: done .helm-2to3-cleanup: - image: "${TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/helm-install-image/releases/helm-2to3-2.17.0-3.5.3-kube-1.16.15-alpine-3.12" + image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/helm-install-image/releases/helm-2to3-2.17.0-3.5.3-kube-1.16.15-alpine-3.12" stage: cleanup environment: action: prepare diff --git a/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml index 40c05ffe92a..f8668699fe5 100644 --- a/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml @@ -11,8 +11,7 @@ variables: # Setting this variable will affect all Security templates # (SAST, Dependency Scanning, ...) - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products" + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" LICENSE_MANAGEMENT_SETUP_CMD: '' # If needed, specify a command to setup your environment with a custom package manager. LICENSE_MANAGEMENT_VERSION: 4 diff --git a/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml index f09e4450703..c195ecd8ee5 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST-IaC.gitlab-ci.yml @@ -6,8 +6,7 @@ variables: # Setting this variable will affect all Security templates # (SAST, Dependency Scanning, ...) - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products" + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" SAST_IMAGE_SUFFIX: "" SAST_EXCLUDED_PATHS: "spec, test, tests, tmp" diff --git a/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml index 52709fba774..0513aae00a8 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST-IaC.latest.gitlab-ci.yml @@ -6,8 +6,7 @@ variables: # Setting this variable will affect all Security templates # (SAST, Dependency Scanning, ...) - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products" + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" SAST_IMAGE_SUFFIX: "" SAST_EXCLUDED_PATHS: "spec, test, tests, tmp" diff --git a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml index 91cbccbe3a7..dd164c00724 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml @@ -6,8 +6,7 @@ variables: # Setting this variable will affect all Security templates # (SAST, Dependency Scanning, ...) - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products" + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" SAST_IMAGE_SUFFIX: "" SAST_EXCLUDED_ANALYZERS: "" diff --git a/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml index 076c0879128..c6938920ea4 100644 --- a/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/SAST.latest.gitlab-ci.yml @@ -6,8 +6,7 @@ variables: # Setting this variable will affect all Security templates # (SAST, Dependency Scanning, ...) - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products" + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" SAST_IMAGE_SUFFIX: "" SAST_EXCLUDED_ANALYZERS: "" diff --git a/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml index 25fc2388f9e..b7a9dbf7bc6 100644 --- a/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml @@ -5,8 +5,7 @@ # How to set: https://docs.gitlab.com/ee/ci/yaml/#variables variables: - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products" + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" SECRET_DETECTION_IMAGE_SUFFIX: "" SECRETS_ANALYZER_VERSION: "4" diff --git a/lib/gitlab/ci/templates/Jobs/Secret-Detection.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Secret-Detection.latest.gitlab-ci.yml index 3491576a9f3..e6eba6f6406 100644 --- a/lib/gitlab/ci/templates/Jobs/Secret-Detection.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Jobs/Secret-Detection.latest.gitlab-ci.yml @@ -5,8 +5,7 @@ # How to set: https://docs.gitlab.com/ee/ci/yaml/#variables variables: - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products" + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" SECRET_DETECTION_IMAGE_SUFFIX: "" SECRETS_ANALYZER_VERSION: "4" diff --git a/lib/gitlab/ci/templates/Pages/Hugo.gitlab-ci.yml b/lib/gitlab/ci/templates/Pages/Hugo.gitlab-ci.yml index 77ebff5d5de..591eebf9cd6 100644 --- a/lib/gitlab/ci/templates/Pages/Hugo.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Pages/Hugo.gitlab-ci.yml @@ -6,11 +6,10 @@ --- # All available Hugo versions are listed here: # https://gitlab.com/pages/hugo/container_registry -image: "${TEMPLATE_REGISTRY_HOST}/pages/hugo:latest" +image: "${CI_TEMPLATE_REGISTRY_HOST}/pages/hugo:latest" variables: GIT_SUBMODULE_STRATEGY: recursive - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' test: script: diff --git a/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml index 38fb3394c95..cdfa4556769 100644 --- a/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/API-Fuzzing.gitlab-ci.yml @@ -24,8 +24,7 @@ variables: # Setting this variable affects all Security templates # (SAST, Dependency Scanning, ...) - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products" + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" # FUZZAPI_VERSION: "2" FUZZAPI_IMAGE_SUFFIX: "" diff --git a/lib/gitlab/ci/templates/Security/API-Fuzzing.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/API-Fuzzing.latest.gitlab-ci.yml index 1cbce8aaddd..8d6c191edc4 100644 --- a/lib/gitlab/ci/templates/Security/API-Fuzzing.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/API-Fuzzing.latest.gitlab-ci.yml @@ -24,8 +24,7 @@ variables: # Setting this variable affects all Security templates # (SAST, Dependency Scanning, ...) - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products" + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" # FUZZAPI_VERSION: "2" FUZZAPI_IMAGE_SUFFIX: "" diff --git a/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml index 5d6c1b05976..3d7883fb87a 100644 --- a/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml @@ -22,8 +22,7 @@ # List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables variables: - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - CS_ANALYZER_IMAGE: "$TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5" + CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:5" container_scanning: image: "$CS_ANALYZER_IMAGE$CS_IMAGE_SUFFIX" diff --git a/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml index ca9c64fac47..1b33596baa0 100644 --- a/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/DAST-API.gitlab-ci.yml @@ -24,8 +24,7 @@ variables: # Setting this variable affects all Security templates # (SAST, Dependency Scanning, ...) - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products" + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" # DAST_API_VERSION: "2" DAST_API_IMAGE_SUFFIX: "" diff --git a/lib/gitlab/ci/templates/Security/DAST-API.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST-API.latest.gitlab-ci.yml index e13d3e0f270..8aabf20c5df 100644 --- a/lib/gitlab/ci/templates/Security/DAST-API.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/DAST-API.latest.gitlab-ci.yml @@ -24,8 +24,7 @@ variables: # Setting this variable affects all Security templates # (SAST, Dependency Scanning, ...) - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products" + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" # DAST_API_VERSION: "2" DAST_API_IMAGE_SUFFIX: "" diff --git a/lib/gitlab/ci/templates/Security/DAST-On-Demand-API-Scan.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST-On-Demand-API-Scan.gitlab-ci.yml index 8543ee90297..1bd527a6ec0 100644 --- a/lib/gitlab/ci/templates/Security/DAST-On-Demand-API-Scan.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/DAST-On-Demand-API-Scan.gitlab-ci.yml @@ -10,8 +10,7 @@ stages: - dast variables: - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products" + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" DAST_API_VERSION: "2" DAST_API_IMAGE_SUFFIX: "" DAST_API_IMAGE: api-security diff --git a/lib/gitlab/ci/templates/Security/DAST-On-Demand-Scan.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST-On-Demand-Scan.gitlab-ci.yml index 17961b49a30..701e08ba56d 100644 --- a/lib/gitlab/ci/templates/Security/DAST-On-Demand-Scan.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/DAST-On-Demand-Scan.gitlab-ci.yml @@ -13,8 +13,7 @@ variables: DAST_VERSION: 3 # Setting this variable will affect all Security templates # (SAST, Dependency Scanning, ...) - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products" + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" dast: stage: dast diff --git a/lib/gitlab/ci/templates/Security/DAST-Runner-Validation.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST-Runner-Validation.gitlab-ci.yml index 62423e4134f..5b6af37977e 100644 --- a/lib/gitlab/ci/templates/Security/DAST-Runner-Validation.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/DAST-Runner-Validation.gitlab-ci.yml @@ -11,12 +11,11 @@ stages: variables: DAST_RUNNER_VALIDATION_VERSION: 1 - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' validation: stage: dast image: - name: "$TEMPLATE_REGISTRY_HOST/security-products/dast-runner-validation:$DAST_RUNNER_VALIDATION_VERSION" + name: "$CI_TEMPLATE_REGISTRY_HOST/security-products/dast-runner-validation:$DAST_RUNNER_VALIDATION_VERSION" variables: GIT_STRATEGY: none allow_failure: false diff --git a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml index 7359c108f13..40060e96dff 100644 --- a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml @@ -25,8 +25,7 @@ variables: DAST_VERSION: 3 # Setting this variable will affect all Security templates # (SAST, Dependency Scanning, ...) - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products" + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" dast: stage: dast diff --git a/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml index 779cb2e5cf3..9d3b1f4316e 100644 --- a/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml @@ -25,8 +25,7 @@ variables: DAST_VERSION: 3 # Setting this variable will affect all Security templates # (SAST, Dependency Scanning, ...) - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products" + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" dast: stage: dast diff --git a/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml index ad6cc634176..fd04c86e6c7 100644 --- a/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/Secure-Binaries.gitlab-ci.yml @@ -16,8 +16,7 @@ variables: # Setting this variable will affect all Security templates # (SAST, Dependency Scanning, ...) - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - SECURE_ANALYZERS_PREFIX: "$TEMPLATE_REGISTRY_HOST/security-products" + SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products" SECURE_BINARIES_ANALYZERS: >- bandit, brakeman, gosec, spotbugs, flawfinder, phpcs-security-audit, security-code-scan, nodejs-scan, eslint, secrets, sobelow, pmd-apex, kics, kubesec, semgrep, gemnasium, gemnasium-maven, gemnasium-python, license-finder, @@ -247,7 +246,7 @@ dast-runner-validation: extends: .download_images variables: SECURE_BINARIES_ANALYZER_VERSION: "1" - SECURE_BINARIES_IMAGE: "${TEMPLATE_REGISTRY_HOST}/security-products/${CI_JOB_NAME}:${SECURE_BINARIES_ANALYZER_VERSION}" + SECURE_BINARIES_IMAGE: "${CI_TEMPLATE_REGISTRY_HOST}/security-products/${CI_JOB_NAME}:${SECURE_BINARIES_ANALYZER_VERSION}" only: variables: - $SECURE_BINARIES_DOWNLOAD_IMAGES == "true" && diff --git a/lib/gitlab/ci/templates/Terraform/Base.gitlab-ci.yml b/lib/gitlab/ci/templates/Terraform/Base.gitlab-ci.yml index ef6fd896bf5..3a956ebfc49 100644 --- a/lib/gitlab/ci/templates/Terraform/Base.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Terraform/Base.gitlab-ci.yml @@ -9,12 +9,11 @@ # There is a more opinionated template which we suggest the users to abide, # which is the lib/gitlab/ci/templates/Terraform.gitlab-ci.yml image: - name: "$TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/terraform:1.1.9" + name: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/releases/terraform:1.1.9" variables: TF_ROOT: ${CI_PROJECT_DIR} # The relative path to the root directory of the Terraform project TF_STATE_NAME: ${TF_STATE_NAME:-default} # The name of the state file used by the GitLab Managed Terraform state backend - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' cache: key: "${TF_ROOT}" diff --git a/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml index 3277442ea50..4579f31d7ac 100644 --- a/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml @@ -10,12 +10,11 @@ # which is the lib/gitlab/ci/templates/Terraform.latest.gitlab-ci.yml image: - name: "$TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/stable:latest" + name: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/terraform-images/stable:latest" variables: TF_ROOT: ${CI_PROJECT_DIR} # The relative path to the root directory of the Terraform project TF_STATE_NAME: ${TF_STATE_NAME:-default} # The name of the state file used by the GitLab Managed Terraform state backend - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' cache: key: "${TF_ROOT}" diff --git a/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml b/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml index 9aa0cf94b94..488b035d189 100644 --- a/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml @@ -4,10 +4,6 @@ # https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml # Read more about the feature here: https://docs.gitlab.com/ee/user/project/merge_requests/accessibility_testing.html - -variables: - TEMPLATE_REGISTRY_HOST: 'registry.gitlab.com' - stages: - build - test @@ -16,7 +12,7 @@ stages: a11y: stage: accessibility - image: "$TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/accessibility:6.2.3" + image: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/accessibility:6.2.3" script: - /gitlab-accessibility.sh "$a11y_urls" allow_failure: true diff --git a/lib/gitlab/import_export/json/streaming_serializer.rb b/lib/gitlab/import_export/json/streaming_serializer.rb index 59396c6bad2..78f43f79072 100644 --- a/lib/gitlab/import_export/json/streaming_serializer.rb +++ b/lib/gitlab/import_export/json/streaming_serializer.rb @@ -18,11 +18,12 @@ module Gitlab end end - def initialize(exportable, relations_schema, json_writer, exportable_path:) + def initialize(exportable, relations_schema, json_writer, exportable_path:, logger: Gitlab::Export::Logger) @exportable = exportable @exportable_path = exportable_path @relations_schema = relations_schema @json_writer = json_writer + @logger = logger end def execute @@ -36,6 +37,8 @@ module Gitlab end def serialize_root(exportable_path = @exportable_path) + log_relation_export('root') + attributes = exportable.as_json( relations_schema.merge(include: nil, preloads: nil, unsafe: true)) @@ -60,9 +63,11 @@ module Gitlab private - attr_reader :json_writer, :relations_schema, :exportable + attr_reader :json_writer, :relations_schema, :exportable, :logger def serialize_many_relations(key, records, options) + log_relation_export(key, records.size) + enumerator = Enumerator.new do |items| key_preloads = preloads&.dig(key) @@ -106,6 +111,8 @@ module Gitlab end def serialize_many_each(key, records, options) + log_relation_export(key, records.size) + enumerator = Enumerator.new do |items| records.each do |record| items << Raw.new(record.to_json(options)) @@ -116,6 +123,8 @@ module Gitlab end def serialize_single_relation(key, record, options) + log_relation_export(key) + json = Raw.new(record.to_json(options)) json_writer.write_relation(@exportable_path, key, json) @@ -186,6 +195,18 @@ module Gitlab record.merge_request_diff&.remove_cached_external_diff end + + def log_base_data + log = { importer: 'Import/Export' } + log.merge!(Gitlab::ImportExport::LogUtil.exportable_to_log_payload(exportable)) + log + end + + def log_relation_export(relation, size = nil) + message = "Exporting #{relation} relation" + message += ". Number of records to export: #{size}" if size + logger.info(message: message, **log_base_data) + end end end end diff --git a/lib/gitlab/import_export/log_util.rb b/lib/gitlab/import_export/log_util.rb new file mode 100644 index 00000000000..d3a3dce47ba --- /dev/null +++ b/lib/gitlab/import_export/log_util.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +module Gitlab + module ImportExport + class LogUtil + def self.exportable_to_log_payload(exportable) + attribute_base_name = exportable.class.name.underscore + + return {} unless %w[project group].include?(attribute_base_name) + + {}.tap do |log| + log[:"#{attribute_base_name}_id"] = exportable.id + log[:"#{attribute_base_name}_name"] = exportable.name + log[:"#{attribute_base_name}_path"] = exportable.full_path + end.compact + end + end + end +end diff --git a/lib/gitlab/import_export/project/tree_saver.rb b/lib/gitlab/import_export/project/tree_saver.rb index 05dcfa5282c..1b54e4b975e 100644 --- a/lib/gitlab/import_export/project/tree_saver.rb +++ b/lib/gitlab/import_export/project/tree_saver.rb @@ -8,7 +8,7 @@ module Gitlab attr_reader :full_path - def initialize(project:, current_user:, shared:, params: {}, logger: Gitlab::Import::Logger) + def initialize(project:, current_user:, shared:, params: {}, logger: Gitlab::Export::Logger) @params = params @project = project @current_user = current_user @@ -49,7 +49,8 @@ module Gitlab exportable, reader.project_tree, json_writer, - exportable_path: "project" + exportable_path: "project", + logger: @logger ) Retriable.retriable(on: Net::OpenTimeout, on_retry: on_retry) do diff --git a/lib/gitlab/import_export/shared.rb b/lib/gitlab/import_export/shared.rb index 5cb1c1f8981..6337842255d 100644 --- a/lib/gitlab/import_export/shared.rb +++ b/lib/gitlab/import_export/shared.rb @@ -95,14 +95,9 @@ module Gitlab end def log_base_data - log = { - importer: 'Import/Export', - exportable_id: @exportable&.id, - exportable_path: @exportable&.full_path - } - + log = { importer: 'Import/Export' } + log.merge!(Gitlab::ImportExport::LogUtil.exportable_to_log_payload(@exportable)) log[:import_jid] = @exportable&.import_state&.jid if exportable_type == 'Project' - log end diff --git a/lib/gitlab/redis/cache.rb b/lib/gitlab/redis/cache.rb index a2c7b5e29db..4ab1024d528 100644 --- a/lib/gitlab/redis/cache.rb +++ b/lib/gitlab/redis/cache.rb @@ -12,7 +12,7 @@ module Gitlab redis: pool, compress: Gitlab::Utils.to_boolean(ENV.fetch('ENABLE_REDIS_CACHE_COMPRESSION', '1')), namespace: CACHE_NAMESPACE, - expires_in: 2.weeks # Cache should not grow forever + expires_in: ENV.fetch('GITLAB_RAILS_CACHE_DEFAULT_TTL_SECONDS', 2.weeks).to_i # Cache should not grow forever } end end diff --git a/spec/frontend/pipeline_wizard/components/step_spec.js b/spec/frontend/pipeline_wizard/components/step_spec.js index aa87b1d0b04..00b57f95ccc 100644 --- a/spec/frontend/pipeline_wizard/components/step_spec.js +++ b/spec/frontend/pipeline_wizard/components/step_spec.js @@ -139,7 +139,7 @@ describe('Pipeline Wizard - Step Page', () => { await mockPrevClick(); await nextTick(); - expect(wrapper.emitted().back).toBeTruthy(); + expect(wrapper.emitted().back).toEqual(expect.arrayContaining([])); }); it('lets "next" event bubble upwards', async () => { @@ -148,7 +148,7 @@ describe('Pipeline Wizard - Step Page', () => { await mockNextClick(); await nextTick(); - expect(wrapper.emitted().next).toBeTruthy(); + expect(wrapper.emitted().next).toEqual(expect.arrayContaining([])); }); }); diff --git a/spec/frontend/vue_shared/components/sidebar/issuable_move_dropdown_spec.js b/spec/frontend/vue_shared/components/sidebar/issuable_move_dropdown_spec.js index a4e3e34713c..9b1316677d7 100644 --- a/spec/frontend/vue_shared/components/sidebar/issuable_move_dropdown_spec.js +++ b/spec/frontend/vue_shared/components/sidebar/issuable_move_dropdown_spec.js @@ -308,7 +308,7 @@ describe('IssuableMoveDropdown', () => { it('collapsed state element emits `toggle-collapse` event on component when clicked', () => { wrapper.find('[data-testid="move-collapsed"]').trigger('click'); - expect(wrapper.emitted('toggle-collapse')).toBeTruthy(); + expect(wrapper.emitted('toggle-collapse')).toHaveLength(1); }); it('gl-dropdown component calls `fetchProjects` on `shown` event', () => { @@ -337,7 +337,7 @@ describe('IssuableMoveDropdown', () => { it('gl-dropdown component emits `dropdown-close` event on component from `hide` event', async () => { findDropdownEl().vm.$emit('hide'); - expect(wrapper.emitted('dropdown-close')).toBeTruthy(); + expect(wrapper.emitted('dropdown-close')).toHaveLength(1); }); it('close icon in dropdown header closes the dropdown when clicked', () => { @@ -372,7 +372,7 @@ describe('IssuableMoveDropdown', () => { wrapper.find('[data-testid="footer"]').findComponent(GlButton).vm.$emit('click'); expect(wrapper.vm.$refs.dropdown.hide).toHaveBeenCalled(); - expect(wrapper.emitted('move-issuable')).toBeTruthy(); + expect(wrapper.emitted('move-issuable')).toHaveLength(1); expect(wrapper.emitted('move-issuable')[0]).toEqual([mockProjects[0]]); }); }); diff --git a/spec/graphql/types/project_type_spec.rb b/spec/graphql/types/project_type_spec.rb index fbb3aca3376..94e6a90e8db 100644 --- a/spec/graphql/types/project_type_spec.rb +++ b/spec/graphql/types/project_type_spec.rb @@ -194,8 +194,8 @@ RSpec.describe GitlabSchema.types['Project'] do expect(secure_analyzers['type']).to eq('string') expect(secure_analyzers['field']).to eq('SECURE_ANALYZERS_PREFIX') expect(secure_analyzers['label']).to eq('Image prefix') - expect(secure_analyzers['defaultValue']).to eq('$TEMPLATE_REGISTRY_HOST/security-products') - expect(secure_analyzers['value']).to eq('$TEMPLATE_REGISTRY_HOST/security-products') + expect(secure_analyzers['defaultValue']).to eq('$CI_TEMPLATE_REGISTRY_HOST/security-products') + expect(secure_analyzers['value']).to eq('$CI_TEMPLATE_REGISTRY_HOST/security-products') expect(secure_analyzers['size']).to eq('LARGE') expect(secure_analyzers['options']).to be_nil end diff --git a/spec/lib/gitlab/ci/variables/builder_spec.rb b/spec/lib/gitlab/ci/variables/builder_spec.rb index 8ec0846bdca..6ab2089cce8 100644 --- a/spec/lib/gitlab/ci/variables/builder_spec.rb +++ b/spec/lib/gitlab/ci/variables/builder_spec.rb @@ -3,6 +3,7 @@ require 'spec_helper' RSpec.describe Gitlab::Ci::Variables::Builder do + include Ci::TemplateHelpers let_it_be(:group) { create(:group) } let_it_be(:project) { create(:project, :repository, namespace: group) } let_it_be_with_reload(:pipeline) { create(:ci_pipeline, project: project) } @@ -92,6 +93,8 @@ RSpec.describe Gitlab::Ci::Variables::Builder do value: project.pages_url }, { key: 'CI_API_V4_URL', value: API::Helpers::Version.new('v4').root_url }, + { key: 'CI_TEMPLATE_REGISTRY_HOST', + value: template_registry_host }, { key: 'CI_PIPELINE_IID', value: pipeline.iid.to_s }, { key: 'CI_PIPELINE_SOURCE', diff --git a/spec/lib/gitlab/import_export/json/streaming_serializer_spec.rb b/spec/lib/gitlab/import_export/json/streaming_serializer_spec.rb index 3f73a730744..3088129a732 100644 --- a/spec/lib/gitlab/import_export/json/streaming_serializer_spec.rb +++ b/spec/lib/gitlab/import_export/json/streaming_serializer_spec.rb @@ -27,6 +27,7 @@ RSpec.describe Gitlab::ImportExport::Json::StreamingSerializer do end let(:exportable_path) { 'project' } + let(:logger) { Gitlab::Export::Logger.build } let(:json_writer) { instance_double('Gitlab::ImportExport::Json::LegacyWriter') } let(:hash) { { name: exportable.name, description: exportable.description }.stringify_keys } let(:include) { [] } @@ -42,7 +43,7 @@ RSpec.describe Gitlab::ImportExport::Json::StreamingSerializer do end subject do - described_class.new(exportable, relations_schema, json_writer, exportable_path: exportable_path) + described_class.new(exportable, relations_schema, json_writer, exportable_path: exportable_path, logger: logger) end describe '#execute' do @@ -73,6 +74,21 @@ RSpec.describe Gitlab::ImportExport::Json::StreamingSerializer do subject.execute end + it 'logs the relation name and the number of records to export' do + allow(json_writer).to receive(:write_relation_array) + allow(logger).to receive(:info) + + subject.execute + + expect(logger).to have_received(:info).with( + importer: 'Import/Export', + message: "Exporting issues relation. Number of records to export: 16", + project_id: exportable.id, + project_name: exportable.name, + project_path: exportable.full_path + ) + end + context 'default relation ordering' do it 'orders exported issues by primary key(:id)' do expected_issues = exportable.issues.reorder(:id).map(&:to_json) @@ -138,6 +154,21 @@ RSpec.describe Gitlab::ImportExport::Json::StreamingSerializer do subject.execute end + + it 'logs the relation name' do + allow(json_writer).to receive(:write_relation) + allow(logger).to receive(:info) + + subject.execute + + expect(logger).to have_received(:info).with( + importer: 'Import/Export', + message: 'Exporting group relation', + project_id: exportable.id, + project_name: exportable.name, + project_path: exportable.full_path + ) + end end context 'with array relation' do @@ -155,6 +186,21 @@ RSpec.describe Gitlab::ImportExport::Json::StreamingSerializer do subject.execute end + + it 'logs the relation name and the number of records to export' do + allow(json_writer).to receive(:write_relation_array) + allow(logger).to receive(:info) + + subject.execute + + expect(logger).to have_received(:info).with( + importer: 'Import/Export', + message: 'Exporting project_members relation. Number of records to export: 1', + project_id: exportable.id, + project_name: exportable.name, + project_path: exportable.full_path + ) + end end describe 'load balancing' do diff --git a/spec/lib/gitlab/import_export/log_util_spec.rb b/spec/lib/gitlab/import_export/log_util_spec.rb new file mode 100644 index 00000000000..2b1a4b7bb61 --- /dev/null +++ b/spec/lib/gitlab/import_export/log_util_spec.rb @@ -0,0 +1,43 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::ImportExport::LogUtil do + describe '.exportable_to_log_payload' do + subject { described_class.exportable_to_log_payload(exportable) } + + context 'when exportable is a group' do + let(:exportable) { build_stubbed(:group) } + + it 'returns hash with group keys' do + expect(subject).to be_a(Hash) + expect(subject.keys).to eq(%i[group_id group_name group_path]) + end + end + + context 'when exportable is a project' do + let(:exportable) { build_stubbed(:project) } + + it 'returns hash with project keys' do + expect(subject).to be_a(Hash) + expect(subject.keys).to eq(%i[project_id project_name project_path]) + end + end + + context 'when exportable is a new record' do + let(:exportable) { Project.new } + + it 'returns empty hash' do + expect(subject).to eq({}) + end + end + + context 'when exportable is an unexpected type' do + let(:exportable) { build_stubbed(:issue) } + + it 'returns empty hash' do + expect(subject).to eq({}) + end + end + end +end diff --git a/spec/lib/gitlab/import_export/project/tree_saver_spec.rb b/spec/lib/gitlab/import_export/project/tree_saver_spec.rb index ba781ae78b7..a248a04a5a0 100644 --- a/spec/lib/gitlab/import_export/project/tree_saver_spec.rb +++ b/spec/lib/gitlab/import_export/project/tree_saver_spec.rb @@ -404,7 +404,7 @@ RSpec.describe Gitlab::ImportExport::Project::TreeSaver do context 'when streaming has to retry', :aggregate_failures do let(:shared) { double('shared', export_path: exportable_path) } - let(:logger) { Gitlab::Import::Logger.build } + let(:logger) { Gitlab::Export::Logger.build } let(:serializer) { double('serializer') } let(:error_class) { Net::OpenTimeout } let(:info_params) do diff --git a/spec/lib/gitlab/import_export/shared_spec.rb b/spec/lib/gitlab/import_export/shared_spec.rb index 1945156ca59..408ed3a2176 100644 --- a/spec/lib/gitlab/import_export/shared_spec.rb +++ b/spec/lib/gitlab/import_export/shared_spec.rb @@ -68,12 +68,18 @@ RSpec.describe Gitlab::ImportExport::Shared do expect(subject.errors).to eq(['Error importing into [FILTERED] Permission denied @ unlink_internal - [FILTERED]']) end - it 'updates the import JID' do + it 'tracks exception' do import_state = create(:import_state, project: project, jid: 'jid-test') expect(Gitlab::ErrorTracking) .to receive(:track_exception) - .with(error, hash_including(import_jid: import_state.jid)) + .with(error, hash_including( + importer: 'Import/Export', + project_id: project.id, + project_name: project.name, + project_path: project.full_path, + import_jid: import_state.jid + )) subject.error(error) end diff --git a/spec/lib/gitlab/redis/cache_spec.rb b/spec/lib/gitlab/redis/cache_spec.rb index 31141ac1139..1f0ebbe107f 100644 --- a/spec/lib/gitlab/redis/cache_spec.rb +++ b/spec/lib/gitlab/redis/cache_spec.rb @@ -15,4 +15,16 @@ RSpec.describe Gitlab::Redis::Cache do expect(subject.send(:raw_config_hash)).to eq(url: 'redis://localhost:6380' ) end end + + describe '.active_support_config' do + it 'has a default ttl of 2 weeks' do + expect(described_class.active_support_config[:expires_in]).to eq(2.weeks) + end + + it 'allows configuring the TTL through an env variable' do + stub_env('GITLAB_RAILS_CACHE_DEFAULT_TTL_SECONDS' => '86400') + + expect(described_class.active_support_config[:expires_in]).to eq(1.day) + end + end end diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb index 6cdc0ef9d9b..546cfd80fcf 100644 --- a/spec/models/ci/build_spec.rb +++ b/spec/models/ci/build_spec.rb @@ -3,6 +3,7 @@ require 'spec_helper' RSpec.describe Ci::Build do + include Ci::TemplateHelpers let_it_be(:user) { create(:user) } let_it_be(:group, reload: true) { create(:group) } let_it_be(:project, reload: true) { create(:project, :repository, group: group) } @@ -2865,6 +2866,7 @@ RSpec.describe Ci::Build do public: true, masked: false }, { key: 'CI_API_V4_URL', value: 'http://localhost/api/v4', public: true, masked: false }, + { key: 'CI_TEMPLATE_REGISTRY_HOST', value: template_registry_host, public: true, masked: false }, { key: 'CI_PIPELINE_IID', value: pipeline.iid.to_s, public: true, masked: false }, { key: 'CI_PIPELINE_SOURCE', value: pipeline.source, public: true, masked: false }, { key: 'CI_PIPELINE_CREATED_AT', value: pipeline.created_at.iso8601, public: true, masked: false }, diff --git a/spec/requests/api/deployments_spec.rb b/spec/requests/api/deployments_spec.rb index 88f5bc868d4..24c3ee59c18 100644 --- a/spec/requests/api/deployments_spec.rb +++ b/spec/requests/api/deployments_spec.rb @@ -451,7 +451,7 @@ RSpec.describe API::Deployments do describe 'DELETE /projects/:id/deployments/:deployment_id' do let(:project) { create(:project, :repository) } let(:environment) { create(:environment, project: project) } - let(:commits) { project.repository.commits(nil, { limit: 2 }) } + let(:commits) { project.repository.commits(nil, { limit: 3 }) } let!(:deploy) do create( :deployment, @@ -475,12 +475,30 @@ RSpec.describe API::Deployments do ) end + let!(:running_deploy) do + create( + :deployment, + :running, + project: project, + environment: environment, + deployable: nil, + sha: commits[2].sha + ) + end + context 'as an maintainer' do it 'deletes a deployment' do delete api("/projects/#{project.id}/deployments/#{old_deploy.id}", user) expect(response).to have_gitlab_http_status(:no_content) end + + it 'will not delete a running deployment' do + delete api("/projects/#{project.id}/deployments/#{running_deploy.id}", user) + + expect(response).to have_gitlab_http_status(:bad_request) + expect(response.body).to include("Cannot destroy running deployment") + end end context 'as a developer' do diff --git a/spec/services/projects/import_export/export_service_spec.rb b/spec/services/projects/import_export/export_service_spec.rb index 54abbc04084..285687505e9 100644 --- a/spec/services/projects/import_export/export_service_spec.rb +++ b/spec/services/projects/import_export/export_service_spec.rb @@ -89,7 +89,21 @@ RSpec.describe Projects::ImportExport::ExportService do context 'when all saver services succeed' do before do - allow(service).to receive(:save_services).and_return(true) + allow(service).to receive(:save_exporters).and_return(true) + end + + it 'logs a successful message' do + allow(Gitlab::ImportExport::Saver).to receive(:save).and_return(true) + + expect(service.instance_variable_get(:@logger)).to receive(:info).ordered.with( + hash_including({ message: 'Project export started', project_id: project.id }) + ) + + expect(service.instance_variable_get(:@logger)).to receive(:info).ordered.with( + hash_including({ message: 'Project successfully exported', project_id: project.id }) + ) + + service.execute end it 'saves the project in the file system' do @@ -111,6 +125,7 @@ RSpec.describe Projects::ImportExport::ExportService do end it 'calls the after export strategy' do + allow(Gitlab::ImportExport::Saver).to receive(:save).and_return(true) expect(after_export_strategy).to receive(:execute) service.execute(after_export_strategy) @@ -119,7 +134,7 @@ RSpec.describe Projects::ImportExport::ExportService do context 'when after export strategy fails' do before do allow(after_export_strategy).to receive(:execute).and_return(false) - expect(Gitlab::ImportExport::Saver).to receive(:save).with(exportable: project, shared: shared).and_return(true) + allow(Gitlab::ImportExport::Saver).to receive(:save).and_return(true) end after do @@ -140,7 +155,9 @@ RSpec.describe Projects::ImportExport::ExportService do end it 'notifies logger' do - expect(service.instance_variable_get(:@logger)).to receive(:error) + expect(service.instance_variable_get(:@logger)).to receive(:error).with( + hash_including({ message: 'Project export error', project_id: project.id }) + ) end end end diff --git a/spec/services/security/ci_configuration/sast_parser_service_spec.rb b/spec/services/security/ci_configuration/sast_parser_service_spec.rb index b11f31a9086..1fd196cdcee 100644 --- a/spec/services/security/ci_configuration/sast_parser_service_spec.rb +++ b/spec/services/security/ci_configuration/sast_parser_service_spec.rb @@ -16,7 +16,7 @@ RSpec.describe Security::CiConfiguration::SastParserService do let(:bandit) { configuration['analyzers'][0] } let(:brakeman) { configuration['analyzers'][1] } let(:sast_brakeman_level) { brakeman['variables'][0] } - let(:secure_analyzers_prefix) { '$TEMPLATE_REGISTRY_HOST/security-products' } + let(:secure_analyzers_prefix) { '$CI_TEMPLATE_REGISTRY_HOST/security-products' } it 'parses the configuration for SAST' do expect(secure_analyzers['default_value']).to eql(secure_analyzers_prefix) |