author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-08 00:11:49 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-08 00:11:49 +0300 |
commit | 4fcfdad283a25ee4d1e955954aeceb08d7ffd5f7 (patch) | |
tree | f90b6e55f2cf974ea14c38cd065aa3b65fe3715a | |
parent | 5a71c032e8e0dcb5593df5c257c88487e332e5e5 (diff) |
Add latest changes from gitlab-org/gitlab@master
34 files changed, 374 insertions, 77 deletions
diff --git a/app/assets/stylesheets/pages/settings.scss b/app/assets/stylesheets/pages/settings.scss index 57745ab06ed..37e272cfff7 100644 --- a/app/assets/stylesheets/pages/settings.scss +++ b/app/assets/stylesheets/pages/settings.scss @@ -192,19 +192,28 @@ } } -.initialize-with-readme-setting { - .form-check { - margin-bottom: 10px; +.nested-settings { + padding-left: 20px; +} - .option-title { - font-weight: $gl-font-weight-normal; - display: inline-block; - color: $gl-text-color; - } +.input-btn-group { + display: flex; - .option-description { - color: $project-option-descr-color; - } + .input-large { + flex: 1; + } + + .btn { + margin-left: 10px; + } +} + +.content-list > .settings-flex-row { + display: flex; + align-items: center; + + .float-right { + margin-left: auto; } } diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 89767915d7f..a293bdac28c 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -73,6 +73,13 @@ class ProjectsController < Projects::ApplicationController @project = ::Projects::CreateService.new(current_user, project_params(attributes: project_params_create_attributes)).execute if @project.saved? + experiment(:new_project_sast_enabled, user: current_user).track(:created, + property: active_new_project_tab, + checked: Gitlab::Utils.to_boolean(project_params[:initialize_with_sast]), + project: @project, + namespace: @project.namespace + ) + redirect_to( project_path(@project, custom_import_params), notice: _("Project '%{project_name}' was successfully created.") % { project_name: @project.name } @@ -436,6 +443,7 @@ class ProjectsController < Projects::ApplicationController :template_name, :template_project_id, :merge_method, + :initialize_with_sast, :initialize_with_readme, :autoclose_referenced_issues, :suggestion_commit_message, 
diff --git a/app/experiments/new_project_sast_enabled_experiment.rb b/app/experiments/new_project_sast_enabled_experiment.rb new file mode 100644 index 00000000000..1ab86d70134 --- /dev/null +++ b/app/experiments/new_project_sast_enabled_experiment.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +class NewProjectSastEnabledExperiment < ApplicationExperiment # rubocop:disable Gitlab/NamespacedClass + def publish(_result = nil) + super + + publish_to_database + end + + def candidate_behavior + end + + def free_indicator_behavior + end +end diff --git a/app/services/projects/after_rename_service.rb b/app/services/projects/after_rename_service.rb index 953b386b754..a3d54bc6b58 100644 --- a/app/services/projects/after_rename_service.rb +++ b/app/services/projects/after_rename_service.rb @@ -12,6 +12,8 @@ module Projects # # Projects::AfterRenameService.new(project).execute class AfterRenameService + include BaseServiceUtility + # @return [String] The Project being renamed. attr_reader :project @@ -78,7 +80,7 @@ module Projects def execute_system_hooks project.old_path_with_namespace = full_path_before - SystemHooksService.new.execute_hooks_for(project, :rename) + system_hook_service.execute_hooks_for(project, :rename) end def update_repository_configuration @@ -110,7 +112,7 @@ module Projects end def log_completion - Gitlab::AppLogger.info( + log_info( "Project #{project.id} has been renamed from " \ "#{full_path_before} to #{full_path_after}" ) @@ -140,7 +142,7 @@ module Projects def rename_failed! error = "Repository #{full_path_before} could not be renamed to #{full_path_after}" - Gitlab::AppLogger.error(error) + log_error(error) raise RenameFailedError, error end diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb index e717491b19d..1536f0a22b8 100644 --- a/app/services/projects/create_service.rb +++ b/app/services/projects/create_service.rb 
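Review bot: In `new_project_sast_enabled_experiment.rb`, `candidate_behavior` and `free_indicator_behavior` are empty and carry no comment, so a reader cannot tell whether they are placeholders or intentional. The view in this commit supplies the markup through `e.try` and `e.try(:free_indicator)`, so these methods presumably exist only to register the two variants. A line such as `# Intentionally empty: variant markup is rendered in projects/_new_project_fields.html.haml` above each would record that. The `publish` override would also benefit from a short comment saying why this experiment calls `publish_to_database`.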
@@ -8,6 +8,7 @@ module Projects @current_user = user @params = params.dup @skip_wiki = @params.delete(:skip_wiki) + @initialize_with_sast = Gitlab::Utils.to_boolean(@params.delete(:initialize_with_sast)) @initialize_with_readme = Gitlab::Utils.to_boolean(@params.delete(:initialize_with_readme)) @import_data = @params.delete(:import_data) @relations_block = @params.delete(:relations_block) @@ -118,6 +119,7 @@ module Projects Projects::PostCreationWorker.perform_async(@project.id) create_readme if @initialize_with_readme + create_sast_commit if @initialize_with_sast end # Add an authorization for the current user authorizations inline @@ -160,6 +162,10 @@ module Projects Files::CreateService.new(@project, current_user, commit_attrs).execute end + def create_sast_commit + ::Security::CiConfiguration::SastCreateService.new(@project, current_user, {}, commit_on_default: true).execute + end + def readme_content @readme_template.presence || experiment(:new_project_readme_content, namespace: @project.namespace).run_with(@project) end diff --git a/app/services/projects/transfer_service.rb b/app/services/projects/transfer_service.rb index a2028cf8a19..bdfad770638 100644 --- a/app/services/projects/transfer_service.rb +++ b/app/services/projects/transfer_service.rb @@ -187,7 +187,7 @@ module Projects end def execute_system_hooks - SystemHooksService.new.execute_hooks_for(project, :transfer) + system_hook_service.execute_hooks_for(project, :transfer) end def move_project_folders(project) diff --git a/app/services/security/ci_configuration/base_create_service.rb b/app/services/security/ci_configuration/base_create_service.rb index adb45244adb..ea77cd98ba3 100644 --- a/app/services/security/ci_configuration/base_create_service.rb +++ b/app/services/security/ci_configuration/base_create_service.rb 
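Review bot: `create_sast_commit` in `create_service.rb` discards the result of `SastCreateService#execute`, so a project whose creator ticked the SAST box can end up without the scanner configuration and nothing records it. Judging from the `base_create_service.rb` hunk in this commit, a `Gitlab::Git::PreReceiveError` comes back as `ServiceResponse.error`, while any other `StandardError` is re-raised and would propagate out of the step that runs `create_sast_commit if @initialize_with_sast`. Keep the response and report a failure through whatever logger this service already uses, for example `result = ::Security::CiConfiguration::SastCreateService.new(@project, current_user, {}, commit_on_default: true).execute` followed by a log call guarded by `result.error?`. The enclosing class and the method that calls `create_sast_commit` lie outside the hunks.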
@@ -25,7 +25,7 @@ module Security rescue Gitlab::Git::PreReceiveError => e ServiceResponse.error(message: e.message) rescue StandardError - project.repository.rm_branch(current_user, branch_name) if project.repository.branch_exists?(branch_name) + remove_branch_on_exception raise end @@ -50,6 +50,10 @@ module Security Gitlab::Routing.url_helpers.project_new_merge_request_url(project, merge_request: merge_request_params) end + def remove_branch_on_exception + project.repository.rm_branch(current_user, branch_name) if project.repository.branch_exists?(branch_name) + end + def track_event(attributes_for_commit) action = attributes_for_commit[:actions].first diff --git a/app/services/security/ci_configuration/sast_create_service.rb b/app/services/security/ci_configuration/sast_create_service.rb index f495cac18f8..47e01847b17 100644 --- a/app/services/security/ci_configuration/sast_create_service.rb +++ b/app/services/security/ci_configuration/sast_create_service.rb @@ -5,15 +5,28 @@ module Security class SastCreateService < ::Security::CiConfiguration::BaseCreateService attr_reader :params - def initialize(project, current_user, params) + def initialize(project, current_user, params, commit_on_default: false) super(project, current_user) @params = params + + @commit_on_default = commit_on_default + @branch_name = project.default_branch if @commit_on_default end private + def remove_branch_on_exception + super unless @commit_on_default + end + def action - Security::CiConfiguration::SastBuildAction.new(project.auto_devops_enabled?, params, existing_gitlab_ci_content).generate + existing_content = begin + existing_gitlab_ci_content # this can fail on the very first commit + rescue StandardError + nil + end + + Security::CiConfiguration::SastBuildAction.new(project.auto_devops_enabled?, params, existing_content).generate end def next_branch 
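Review bot: The `rescue StandardError` wrapped around `existing_gitlab_ci_content` in `SastCreateService#action` applies to every caller, not only the first-commit case named in its comment. If reading the existing CI file fails for any other reason, `SastBuildAction` receives `nil` and presumably generates the configuration as though none existed, which on the `commit_on_default: true` path lands directly on the default branch. Restrict the fallback to the `@commit_on_default` path, or rescue only the error class that the empty-repository read raises. The `initialize` signature would also benefit from a comment stating that `commit_on_default: true` sets `@branch_name` to `project.default_branch` and turns `remove_branch_on_exception` into a no-op. The class continues past the hunk at `next_branch`.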
diff --git a/app/views/projects/_new_project_fields.html.haml b/app/views/projects/_new_project_fields.html.haml index b7859e27b31..256c3ebad0a 100644 --- a/app/views/projects/_new_project_fields.html.haml +++ b/app/views/projects/_new_project_fields.html.haml 
@@ -58,15 +58,36 @@ = render 'shared/visibility_level', f: f, visibility_level: visibility_level.to_i, can_change_visibility_level: true, form_model: @project, with_label: false - if !hide_init_with_readme - .form-group.row.initialize-with-readme-setting - %div{ :class => "col-sm-12" } - .form-check - = check_box_tag 'project[initialize_with_readme]', '1', true, class: 'form-check-input', data: { qa_selector: "initialize_with_readme_checkbox", track_label: "#{track_label}", track_action: "activate_form_input", track_property: "init_with_readme", track_value: "" } - = label_tag 'project[initialize_with_readme]', class: 'form-check-label' do - .option-title - %strong= s_('ProjectsNew|Initialize repository with a README') - .option-description - = s_('ProjectsNew|Allows you to immediately clone this project’s repository. Skip this if you plan to push up an existing repository.') + = f.label :project_configuration, class: 'label-bold' do + = s_('ProjectsNew|Project Configuration') + + .form-group + .form-check.gl-mb-3 + = check_box_tag 'project[initialize_with_readme]', '1', true, class: 'form-check-input', data: { qa_selector: 'initialize_with_readme_checkbox', track_label: track_label, track_action: 'activate_form_input', track_property: 'init_with_readme' } + = label_tag 'project[initialize_with_readme]', s_('ProjectsNew|Initialize repository with a README'), class: 'form-check-label' + .form-text.text-muted + = s_('ProjectsNew|Allows you to immediately clone this project’s repository. 
Skip this if you plan to push up an existing repository.') + + - experiment(:new_project_sast_enabled, user: current_user) do |e| + - e.try do + .form-group + .form-check.gl-mb-3 + = check_box_tag 'project[initialize_with_sast]', '1', true, class: 'form-check-input', data: { track_experiment: e.name, track_label: track_label, track_action: 'activate_form_input', track_property: 'init_with_sast' } + = label_tag 'project[initialize_with_sast]', class: 'form-check-label' do + = s_('ProjectsNew|Enable Static Application Security Testing (SAST)') + .form-text.text-muted + = s_('ProjectsNew|Analyze your source code for known security vulnerabilities.') + = link_to _('Learn more.'), help_page_path('user/application_security/sast/index'), target: '_blank', rel: 'noopener noreferrer', data: { track_action: 'followed', track_experiment: e.name } + - e.try(:free_indicator) do + .form-group + .form-check.gl-mb-3 + = check_box_tag 'project[initialize_with_sast]', '1', true, class: 'form-check-input', data: { track_experiment: e.name, track_label: track_label, track_action: 'activate_form_input', track_property: 'init_with_sast' } + = label_tag 'project[initialize_with_sast]', class: 'form-check-label' do + = s_('ProjectsNew|Enable Static Application Security Testing (SAST)') + %span.badge.badge-info.badge-pill.gl-badge.sm= _('Free') + .form-text.text-muted + = s_('ProjectsNew|Analyze your source code for known security vulnerabilities.') + = link_to _('Learn more.'), help_page_path('user/application_security/sast/index'), target: '_blank', rel: 'noopener noreferrer', data: { track_action: 'followed', track_experiment: e.name } = f.submit _('Create project'), class: "btn gl-button btn-confirm", data: { track_label: "#{track_label}", track_action: "click_button", track_property: "create_project", track_value: "" } = link_to _('Cancel'), dashboard_projects_path, class: 'btn gl-button btn-default btn-cancel', data: { track_label: "#{track_label}", track_action: "click_button", 
track_property: "cancel", track_value: "" } diff --git a/config/feature_flags/experiment/new_project_sast_enabled.yml b/config/feature_flags/experiment/new_project_sast_enabled.yml new file mode 100644 index 00000000000..f47c01d26aa --- /dev/null +++ b/config/feature_flags/experiment/new_project_sast_enabled.yml @@ -0,0 +1,8 @@ +--- +name: new_project_sast_enabled +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/70548 +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/340929 +milestone: '14.4' +type: experiment +group: group::adoption +default_enabled: false diff --git a/db/migrate/20211004062942_create_coverage_fuzzing_corpuses.rb b/db/migrate/20211004062942_create_coverage_fuzzing_corpuses.rb new file mode 100644 index 00000000000..c24883b626d --- /dev/null +++ b/db/migrate/20211004062942_create_coverage_fuzzing_corpuses.rb @@ -0,0 +1,18 @@ +# frozen_string_literal: true + +class CreateCoverageFuzzingCorpuses < Gitlab::Database::Migration[1.0] + def change + create_table :coverage_fuzzing_corpuses do |t| + t.bigint :project_id, null: false + t.bigint :user_id + t.bigint :package_id, null: false + + t.datetime_with_timezone :file_updated_at, null: false, default: -> { 'NOW()' } + t.timestamps_with_timezone null: false + + t.index :project_id + t.index :user_id + t.index :package_id + end + end +end diff --git a/db/migrate/20211005063519_add_foreign_key_to_corpuses_on_project.rb b/db/migrate/20211005063519_add_foreign_key_to_corpuses_on_project.rb new file mode 100644 index 00000000000..ba1fb443343 --- /dev/null +++ b/db/migrate/20211005063519_add_foreign_key_to_corpuses_on_project.rb 
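Review bot: Both `check_box_tag 'project[initialize_with_sast]', '1', true` calls in `_new_project_fields.html.haml` render the SAST box pre-checked, and nothing ties it to the README box above it. The README help text tells users to skip that option when they plan to push an existing repository, yet `Projects::CreateService` in this commit runs `create_sast_commit if @initialize_with_sast` independently, so such a user would presumably still get a commit on the default branch. Consider defaulting the SAST box to unchecked, or adding the same caveat to its `.form-text` help line. The two `e.try` blocks also differ only by the `Free` badge and could share one partial.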
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class AddForeignKeyToCorpusesOnProject < Gitlab::Database::Migration[1.0]
+ disable_ddl_transaction!
+
+ def up
+ add_concurrent_foreign_key :coverage_fuzzing_corpuses, :projects, column: :project_id, on_delete: :cascade
+ end
+
+ def down
+ with_lock_retries do
+ remove_foreign_key :coverage_fuzzing_corpuses, column: :project_id
+ end
+ end
+end
diff --git a/db/migrate/20211005063616_add_foreign_key_to_corpuses_on_user.rb b/db/migrate/20211005063616_add_foreign_key_to_corpuses_on_user.rb
new file mode 100644
index 00000000000..da08ab97acf
--- /dev/null
+++ b/db/migrate/20211005063616_add_foreign_key_to_corpuses_on_user.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class AddForeignKeyToCorpusesOnUser < Gitlab::Database::Migration[1.0]
+ disable_ddl_transaction!
+
+ def up
+ add_concurrent_foreign_key :coverage_fuzzing_corpuses, :users, column: :user_id, on_delete: :cascade
+ end
+
+ def down
+ with_lock_retries do
+ remove_foreign_key :coverage_fuzzing_corpuses, column: :user_id
+ end
+ end
+end
diff --git a/db/migrate/20211005063723_add_foreign_key_to_corpuses_on_package.rb b/db/migrate/20211005063723_add_foreign_key_to_corpuses_on_package.rb
new file mode 100644
index 00000000000..74ba7b070d0
--- /dev/null
+++ b/db/migrate/20211005063723_add_foreign_key_to_corpuses_on_package.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class AddForeignKeyToCorpusesOnPackage < Gitlab::Database::Migration[1.0]
+ disable_ddl_transaction!
+
+ def up
+ add_concurrent_foreign_key :coverage_fuzzing_corpuses, :packages_packages, column: :package_id, on_delete: :cascade
+ end
+
+ def down
+ with_lock_retries do
+ remove_foreign_key :coverage_fuzzing_corpuses, column: :package_id
+ end
+ end
+end
diff --git a/db/schema_migrations/20211004062942 b/db/schema_migrations/20211004062942
new file mode 100644
index 00000000000..6ad1af289f7
--- /dev/null
+++ b/db/schema_migrations/20211004062942
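Review bot: `AddForeignKeyToCorpusesOnUser` uses `on_delete: :cascade` although `user_id` is the only nullable reference in `create_table :coverage_fuzzing_corpuses`. As written, deleting a user deletes every corpus row that references them. If the nullable column is meant to let a corpus outlive its uploader, the key should be `add_concurrent_foreign_key :coverage_fuzzing_corpuses, :users, column: :user_id, on_delete: :nullify`. If cascade is intended, a one-line comment in the migration saying so would settle the question for the next reader.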
@@ -0,0 +1 @@
+95dcfdc6c03705b0db5e96d669051edf335b5d6501243f70588f9b73478116a6
\ No newline at end of file
diff --git a/db/schema_migrations/20211005063519 b/db/schema_migrations/20211005063519
new file mode 100644
index 00000000000..d3450d4282a
--- /dev/null
+++ b/db/schema_migrations/20211005063519
@@ -0,0 +1 @@
+e45163c2d0d691fb5deab86d024c4edb8e3cd350271418e1ff132c31e2ca90a3
\ No newline at end of file
diff --git a/db/schema_migrations/20211005063616 b/db/schema_migrations/20211005063616
new file mode 100644
index 00000000000..030dfc12a68
--- /dev/null
+++ b/db/schema_migrations/20211005063616
@@ -0,0 +1 @@
+20d35e9baae343bccbb67a25eacd7fdb4b32fd4cedd95e6f8f7a2933470350fb
\ No newline at end of file
diff --git a/db/schema_migrations/20211005063723 b/db/schema_migrations/20211005063723
new file mode 100644
index 00000000000..b4d8c7a3f6e
--- /dev/null
+++ b/db/schema_migrations/20211005063723
@@ -0,0 +1 @@
+4659ab6d971b03d9b44dda72fe1b571c5050fd6892cb4f16f2ca1ced0905c1ce
\ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 189e4e8efaf..d49007990ee 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -12765,6 +12765,25 @@ CREATE SEQUENCE conversational_development_index_metrics_id_seq ALTER SEQUENCE conversational_development_index_metrics_id_seq OWNED BY conversational_development_index_metrics.id; +CREATE TABLE coverage_fuzzing_corpuses ( + id bigint NOT NULL, + project_id bigint NOT NULL, + user_id bigint, + package_id bigint NOT NULL, + file_updated_at timestamp with time zone DEFAULT now() NOT NULL, + created_at timestamp with time zone NOT NULL, + updated_at timestamp with time zone NOT NULL +); + +CREATE SEQUENCE coverage_fuzzing_corpuses_id_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + +ALTER SEQUENCE coverage_fuzzing_corpuses_id_seq OWNED BY coverage_fuzzing_corpuses.id; + CREATE TABLE csv_issue_imports ( id bigint NOT NULL, project_id bigint NOT NULL, @@ -21188,6 +21207,8 @@ ALTER TABLE ONLY container_repositories ALTER COLUMN id SET DEFAULT nextval('con ALTER TABLE ONLY conversational_development_index_metrics ALTER COLUMN id SET DEFAULT nextval('conversational_development_index_metrics_id_seq'::regclass); +ALTER TABLE ONLY coverage_fuzzing_corpuses ALTER COLUMN id SET DEFAULT nextval('coverage_fuzzing_corpuses_id_seq'::regclass); + ALTER TABLE ONLY csv_issue_imports ALTER COLUMN id SET DEFAULT nextval('csv_issue_imports_id_seq'::regclass); ALTER TABLE ONLY custom_emoji ALTER COLUMN id SET DEFAULT nextval('custom_emoji_id_seq'::regclass); @@ -22704,6 +22725,9 @@ ALTER TABLE ONLY container_repositories ALTER TABLE ONLY conversational_development_index_metrics ADD CONSTRAINT conversational_development_index_metrics_pkey PRIMARY KEY (id); +ALTER TABLE ONLY coverage_fuzzing_corpuses + ADD CONSTRAINT coverage_fuzzing_corpuses_pkey PRIMARY KEY (id); + ALTER TABLE ONLY csv_issue_imports ADD CONSTRAINT csv_issue_imports_pkey PRIMARY KEY (id); 
@@ -24856,6 +24880,12 @@ CREATE UNIQUE INDEX index_container_repositories_on_project_id_and_name ON conta CREATE INDEX index_container_repository_on_name_trigram ON container_repositories USING gin (name gin_trgm_ops); +CREATE INDEX index_coverage_fuzzing_corpuses_on_package_id ON coverage_fuzzing_corpuses USING btree (package_id); + +CREATE INDEX index_coverage_fuzzing_corpuses_on_project_id ON coverage_fuzzing_corpuses USING btree (project_id); + +CREATE INDEX index_coverage_fuzzing_corpuses_on_user_id ON coverage_fuzzing_corpuses USING btree (user_id); + CREATE INDEX index_created_at_on_codeowner_approval_merge_request_rules ON approval_merge_request_rules USING btree (created_at) WHERE ((rule_type = 2) AND (section <> 'codeowners'::text)); CREATE INDEX index_csv_issue_imports_on_project_id ON csv_issue_imports USING btree (project_id); @@ -27555,6 +27585,9 @@ ALTER TABLE ONLY boards ALTER TABLE ONLY epics ADD CONSTRAINT fk_1fbed67632 FOREIGN KEY (start_date_sourcing_milestone_id) REFERENCES milestones(id) ON DELETE SET NULL; +ALTER TABLE ONLY coverage_fuzzing_corpuses + ADD CONSTRAINT fk_204d40056a FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE; + ALTER TABLE ONLY geo_container_repository_updated_events ADD CONSTRAINT fk_212c89c706 FOREIGN KEY (container_repository_id) REFERENCES container_repositories(id) ON DELETE CASCADE; @@ -27594,6 +27627,9 @@ ALTER TABLE ONLY geo_event_log ALTER TABLE ONLY deployments ADD CONSTRAINT fk_289bba3222 FOREIGN KEY (cluster_id) REFERENCES clusters(id) ON DELETE SET NULL; +ALTER TABLE ONLY coverage_fuzzing_corpuses + ADD CONSTRAINT fk_29f6f15f82 FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE; + ALTER TABLE ONLY agent_group_authorizations ADD CONSTRAINT fk_2c9f941965 FOREIGN KEY (group_id) REFERENCES namespaces(id) ON DELETE CASCADE; 
@@ -28236,6 +28272,9 @@ ALTER TABLE ONLY application_settings ALTER TABLE ONLY events ADD CONSTRAINT fk_edfd187b6f FOREIGN KEY (author_id) REFERENCES users(id) ON DELETE CASCADE; +ALTER TABLE ONLY coverage_fuzzing_corpuses + ADD CONSTRAINT fk_ef5ebf339f FOREIGN KEY (package_id) REFERENCES packages_packages(id) ON DELETE CASCADE; + ALTER TABLE ONLY vulnerabilities ADD CONSTRAINT fk_efb96ab1e2 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE; diff --git a/doc/administration/pages/index.md b/doc/administration/pages/index.md index 66c291549a3..8a0d3f552bf 100644 --- a/doc/administration/pages/index.md +++ b/doc/administration/pages/index.md @@ -7,12 +7,6 @@ description: 'Learn how to administer GitLab Pages.' # GitLab Pages administration **(FREE SELF)** -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/80) in GitLab EE 8.3. -> - Custom CNAMEs with TLS support were [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173) in GitLab EE 8.5. -> - GitLab Pages [was ported](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/14605) to Community Edition in GitLab 8.17. -> - Support for subgroup project's websites was -> [introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/30548) in GitLab 11.8. - GitLab Pages allows for hosting of static sites. It must be configured by an administrator. Separate [user documentation](../../user/project/pages/index.md) is available. @@ -382,8 +376,6 @@ To enable it: ### Access control -> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/33422) in GitLab 11.5. - GitLab Pages access control can be configured per-project, and allows access to a Pages site to be controlled based on a user's membership to that project. 
@@ -524,9 +516,6 @@ After an archive reaches `zip_cache_expiration`, it's marked as expired and remo ## Activate verbose logging for daemon -Verbose logging was [introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/2533) in -Omnibus GitLab 11.1. - Follow the steps below to configure verbose logging of GitLab Pages daemon. 1. By default the daemon only logs with `INFO` level. @@ -603,8 +592,6 @@ the below steps to do a no downtime transfer to a new storage location. ## Configure listener for reverse proxy requests -> [Introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/2533) in Omnibus GitLab 11.1. - Follow the steps below to configure the proxy listener of GitLab Pages. 1. By default the listener is configured to listen for requests on `localhost:8090`. diff --git a/doc/integration/elasticsearch.md b/doc/integration/elasticsearch.md index 9d231664d76..67a11ca2810 100644 --- a/doc/integration/elasticsearch.md +++ b/doc/integration/elasticsearch.md 
@@ -461,6 +461,8 @@ The following are some available Rake tasks: | Task | Description | |:--------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | [`sudo gitlab-rake gitlab:elastic:index`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Enables Elasticsearch indexing and run `gitlab:elastic:create_empty_index`, `gitlab:elastic:clear_index_status`, `gitlab:elastic:index_projects`, and `gitlab:elastic:index_snippets`. | +| [`sudo gitlab-rake gitlab:elastic:pause_indexing`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Pauses Elasticsearch indexing. Changes are still tracked. Useful for cluster/index migrations. | +| [`sudo gitlab-rake gitlab:elastic:resume_indexing`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Resumes Elasticsearch indexing. | | [`sudo gitlab-rake gitlab:elastic:index_projects`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Iterates over all projects and queues Sidekiq jobs to index them in the background. | | [`sudo gitlab-rake gitlab:elastic:index_projects_status`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Determines the overall status of the indexing. It is done by counting the total number of indexed projects, dividing by a count of the total number of projects, then multiplying by 100. | | [`sudo gitlab-rake gitlab:elastic:clear_index_status`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/tasks/gitlab/elastic.rake) | Deletes all instances of IndexStatus for all projects. 
Note that this command will result in a complete wipe of the index, and it should be used with caution. | diff --git a/doc/integration/vault.md b/doc/integration/vault.md index 5d2813a9f01..3bca3767785 100644 --- a/doc/integration/vault.md +++ b/doc/integration/vault.md @@ -2,13 +2,10 @@ stage: Release group: Release info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments -type: reference, howto --- # Vault Authentication with GitLab OpenID Connect **(FREE)** -> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/22323) in GitLab 9.0 - [Vault](https://www.vaultproject.io/) is a secrets management application offered by HashiCorp. It allows you to store and manage sensitive information such as secret environment variables, encryption keys, and authentication tokens. Vault offers Identity-based Access, which means Vault users can authenticate through several of their preferred cloud providers. diff --git a/doc/subscriptions/bronze_starter.md b/doc/subscriptions/bronze_starter.md index 5b98a55cec4..b311653eef7 100644 --- a/doc/subscriptions/bronze_starter.md +++ b/doc/subscriptions/bronze_starter.md 
@@ -68,7 +68,7 @@ the tiers are no longer mentioned in GitLab documentation: - [Full code quality reports in the code quality tab](../user/project/merge_requests/code_quality.md#code-quality-reports) - [Merge request approvals](../user/project/merge_requests/approvals/index.md) - [Multiple assignees](../user/project/merge_requests/getting_started.md#multiple-assignees) - - [Approval Rule information for Reviewers](../user/project/merge_requests/reviews/index.md#approval-rule-information-for-reviewers) **(PREMIUM)** + - [Approval Rule information for Reviewers](../user/project/merge_requests/reviews/index.md#approval-rule-information-for-reviewers) - [Required Approvals](../user/project/merge_requests/approvals/index.md#required-approvals) - [Code Owners as eligible approvers](../user/project/merge_requests/approvals/rules.md#code-owners-as-eligible-approvers) - [Approval rules](../user/project/merge_requests/approvals/rules.md) features diff --git a/doc/subscriptions/quarterly_reconciliation.md b/doc/subscriptions/quarterly_reconciliation.md index f9cca079e76..252326ab265 100644 --- a/doc/subscriptions/quarterly_reconciliation.md +++ b/doc/subscriptions/quarterly_reconciliation.md @@ -4,7 +4,7 @@ group: Purchase info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# The quarterly subscription reconciliation process +# The quarterly subscription reconciliation process **(PREMIUM)** GitLab reviews your seat usage every quarter and sends you an invoice for any overages. diff --git a/doc/subscriptions/self_managed/index.md b/doc/subscriptions/self_managed/index.md index 72bd1c2b4f7..7d63f7ce4bc 100644 --- a/doc/subscriptions/self_managed/index.md +++ b/doc/subscriptions/self_managed/index.md 
@@ -25,8 +25,8 @@ changes to their subscription. The cost of a GitLab self-managed subscription is determined by the following: -- GitLab tier -- Subscription seats +- [GitLab tier](https://about.gitlab.com/pricing/) +- [Subscription seats](#subscription-seats) ## Choose a GitLab tier diff --git a/doc/topics/application_development_platform/index.md b/doc/topics/application_development_platform/index.md index f9baa8916df..1560ceeed26 100644 --- a/doc/topics/application_development_platform/index.md +++ b/doc/topics/application_development_platform/index.md @@ -4,7 +4,7 @@ group: unassigned info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- -# Application Development Platform +# Application Development Platform **(FREE)** The GitLab Application Development Platform refers to the set of GitLab features used to create, configure, and manage a complete software development environment. It provides development, operations, and security teams with a robust feature set aimed at supporting best practices out of the box. diff --git a/doc/user/project/deploy_tokens/index.md b/doc/user/project/deploy_tokens/index.md index 1798aa0c1c6..29005b49dc2 100644 --- a/doc/user/project/deploy_tokens/index.md +++ b/doc/user/project/deploy_tokens/index.md 
@@ -2,12 +2,10 @@ stage: Release group: Release info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments -type: howto --- # Deploy tokens -> - [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/17894) in GitLab 10.7. > - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/199370) from **Settings > Repository** in GitLab 12.9. > - [Added `write_registry` scope](https://gitlab.com/gitlab-org/gitlab/-/issues/22743) in GitLab 12.10. > - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29280) from **Settings > CI/CD** in GitLab 12.10.1. @@ -59,8 +57,8 @@ following table along with GitLab version it was introduced in: | Scope | Description | Introduced in GitLab Version | |--------------------------|-------------|------------------------------| -| `read_repository` | Allows read-access to the repository through `git clone` | 10.7 | -| `read_registry` | Allows read-access to [container registry](../../packages/container_registry/index.md) images if a project is private and authorization is required. | 10.7 | +| `read_repository` | Allows read-access to the repository through `git clone` | -- | +| `read_registry` | Allows read-access to [container registry](../../packages/container_registry/index.md) images if a project is private and authorization is required. | -- | | `write_registry` | Allows write-access (push) to [container registry](../../packages/container_registry/index.md). | 12.10 | | `read_package_registry` | Allows read access to the package registry. | 13.0 | | `write_package_registry` | Allows write access to the package registry. | 13.0 | 
@@ -185,8 +183,6 @@ To pull images from the Dependency Proxy, you must: ### GitLab deploy token -> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/18414) in GitLab 10.8. - There's a special case when it comes to deploy tokens. If a user creates one named `gitlab-deploy-token`, the username and token of the deploy token is automatically exposed to the CI/CD jobs as CI/CD variables: `CI_DEPLOY_USER` diff --git a/doc/user/project/pages/custom_domains_ssl_tls_certification/index.md b/doc/user/project/pages/custom_domains_ssl_tls_certification/index.md index f701b8fc870..27487003697 100644 --- a/doc/user/project/pages/custom_domains_ssl_tls_certification/index.md +++ b/doc/user/project/pages/custom_domains_ssl_tls_certification/index.md @@ -290,8 +290,6 @@ Sublime Text, Atom, Dreamweaver, Brackets, etc). ## Force HTTPS for GitLab Pages websites -> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/28857) in GitLab 10.7. - To make your website's visitors even more secure, you can choose to force HTTPS for GitLab Pages. By doing so, all attempts to visit your website through HTTP are automatically redirected to HTTPS through 301. diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 8087f8563c8..1603365d0af 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -14860,6 +14860,9 @@ msgstr "" msgid "Framework successfully deleted" msgstr "" +msgid "Free" +msgstr "" + msgid "Free Trial of GitLab.com Ultimate" msgstr "" @@ -19192,6 +19195,9 @@ msgstr "" msgid "Iterations|The duration for each iteration (in weeks)" msgstr "" +msgid "Iterations|The iteration has been deleted." +msgstr "" + msgid "Iterations|The start date of your first iteration" msgstr "" @@ -23684,6 +23690,9 @@ msgstr "" msgid "OnDemandScans|My daily scan" msgstr "" +msgid "OnDemandScans|New DAST scan" +msgstr "" + msgid "OnDemandScans|New on-demand DAST scan" msgstr "" 
@@ -23696,6 +23705,12 @@ msgstr "" msgid "OnDemandScans|On-demand Scans" msgstr "" +msgid "OnDemandScans|On-demand scans" +msgstr "" + +msgid "OnDemandScans|On-demand scans run outside of DevOps cycle and find vulnerabilities in your projects. %{learnMoreLinkStart}Lean more%{learnMoreLinkEnd}." +msgstr "" + msgid "OnDemandScans|On-demand scans run outside the DevOps cycle and find vulnerabilities in your projects. %{learnMoreLinkStart}Learn more%{learnMoreLinkEnd}" msgstr "" @@ -27049,6 +27064,9 @@ msgstr "" msgid "ProjectsNew|Allows you to immediately clone this project’s repository. Skip this if you plan to push up an existing repository." msgstr "" +msgid "ProjectsNew|Analyze your source code for known security vulnerabilities." +msgstr "" + msgid "ProjectsNew|Connect your external repository to GitLab CI/CD." msgstr "" @@ -27076,6 +27094,9 @@ msgstr "" msgid "ProjectsNew|Description format" msgstr "" +msgid "ProjectsNew|Enable Static Application Security Testing (SAST)" +msgstr "" + msgid "ProjectsNew|Import" msgstr "" @@ -27091,6 +27112,9 @@ msgstr "" msgid "ProjectsNew|No import options available" msgstr "" +msgid "ProjectsNew|Project Configuration" +msgstr "" + msgid "ProjectsNew|Project description %{tag_start}(optional)%{tag_end}" msgstr "" diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb index d502670d276..3d966848c5b 100644 --- a/spec/controllers/projects_controller_spec.rb +++ b/spec/controllers/projects_controller_spec.rb 
@@ -420,42 +420,66 @@ RSpec.describe ProjectsController do
 end
 describe 'POST create' do
- let!(:params) do
- {
- path: 'foo',
- description: 'bar',
- import_url: project.http_url_to_repo,
- namespace_id: user.namespace.id
- }
- end
-
 subject { post :create, params: { project: params } }
 before do
 sign_in(user)
 end
- context 'when import by url is disabled' do
- before do
- stub_application_setting(import_sources: [])
+ context 'on import' do
+ let(:params) do
+ {
+ path: 'foo',
+ description: 'bar',
+ namespace_id: user.namespace.id,
+ import_url: project.http_url_to_repo
+ }
 end
- it 'does not create project and reports an error' do
- expect { subject }.not_to change { Project.count }
+ context 'when import by url is disabled' do
+ before do
+ stub_application_setting(import_sources: [])
+ end
- expect(response).to have_gitlab_http_status(:not_found)
+ it 'does not create project and reports an error' do
+ expect { subject }.not_to change { Project.count }
+
+ expect(response).to have_gitlab_http_status(:not_found)
+ end
+ end
+
+ context 'when import by url is enabled' do
+ before do
+ stub_application_setting(import_sources: ['git'])
+ end
+
+ it 'creates project' do
+ expect { subject }.to change { Project.count }
+
+ expect(response).to have_gitlab_http_status(:redirect)
+ end
 end
 end
- context 'when import by url is enabled' do
- before do
- stub_application_setting(import_sources: ['git'])
+ context 'with new_project_sast_enabled', :experiment do
+ let(:params) do
+ {
+ path: 'foo',
+ description: 'bar',
+ namespace_id: user.namespace.id,
+ initialize_with_sast: '1'
+ }
 end
- it 'creates project' do
- expect { subject }.to change { Project.count }
+ it 'tracks an event on project creation' do
+ expect(experiment(:new_project_sast_enabled)).to track(:created,
+ property: 'blank',
+ checked: true,
+ project: an_instance_of(Project),
+ namespace: user.namespace
+ ).on_next_instance.with_context(user: user)
- expect(response).to
have_gitlab_http_status(:redirect)
+ post :create, params: { project: params }
 end
 end
 end
diff --git a/spec/experiments/new_project_sast_enabled_experiment_spec.rb b/spec/experiments/new_project_sast_enabled_experiment_spec.rb
new file mode 100644
index 00000000000..dcf71bfffd7
--- /dev/null
+++ b/spec/experiments/new_project_sast_enabled_experiment_spec.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe NewProjectSastEnabledExperiment do
+ it "defines the expected behaviors and variants" do
+ expect(subject.behaviors.keys).to match_array(%w[control candidate free_indicator])
+ end
+
+ it "publishes to the database" do
+ expect(subject).to receive(:publish_to_database)
+
+ subject.publish
+ end
+end
diff --git a/spec/features/projects/user_creates_project_spec.rb b/spec/features/projects/user_creates_project_spec.rb
index 9f08759603e..5d482f9fbd0 100644
--- a/spec/features/projects/user_creates_project_spec.rb
+++ b/spec/features/projects/user_creates_project_spec.rb
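Review bot: The new `with new_project_sast_enabled` context only posts `initialize_with_sast: '1'` and pins `checked: true`, so nothing fixes what is tracked when the box is unticked or the parameter is missing. The value is client-supplied and, per the controller change earlier in this commit, goes through `Gitlab::Utils.to_boolean(project_params[:initialize_with_sast])`, so a second example posting `'0'` and expecting `checked: false` would guard the event payload against a regression in that conversion. The added example also calls `post :create` directly although `subject` already does the same. The enclosing `RSpec.describe ProjectsController` block starts and ends outside this hunk.

```ruby
context 'with new_project_sast_enabled', :experiment do
  # … unchanged: params with initialize_with_sast: '1' and the checked: true example …

  context 'when the SAST option is not ticked' do
    let(:params) do
      {
        path: 'foo',
        description: 'bar',
        namespace_id: user.namespace.id,
        initialize_with_sast: '0'
      }
    end

    it 'tracks the event as unchecked' do
      expect(experiment(:new_project_sast_enabled)).to track(:created,
        property: 'blank',
        checked: false,
        project: an_instance_of(Project),
        namespace: user.namespace
      ).on_next_instance.with_context(user: user)

      post :create, params: { project: params }
    end
  end
```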
@@ -33,6 +33,29 @@ RSpec.describe 'User creates a project', :js do
 expect(page).to have_content(project.url_to_repo)
 end
+ it 'creates a new project that is not blank' do
+ stub_experiments(new_project_sast_enabled: 'candidate')
+
+ visit(new_project_path)
+
+ find('[data-qa-panel-name="blank_project"]').click # rubocop:disable QA/SelectorUsage
+ fill_in(:project_name, with: 'With initial commits')
+
+ expect(page).to have_checked_field 'Initialize repository with a README'
+ expect(page).to have_checked_field 'Enable Static Application Security Testing (SAST)'
+
+ page.within('#content-body') do
+ click_button('Create project')
+ end
+
+ project = Project.last
+
+ expect(current_path).to eq(project_path(project))
+ expect(page).to have_content('With initial commits')
+ expect(page).to have_content('Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist')
+ expect(page).to have_content('README.md Initial commit')
+ end
+
 context 'in a subgroup they do not own' do
 let(:parent) { create(:group) }
 let!(:subgroup) { create(:group, parent: parent) }
diff --git a/spec/services/projects/create_service_spec.rb b/spec/services/projects/create_service_spec.rb
index e15d9341fd1..3b0c9e3d11e 100644
--- a/spec/services/projects/create_service_spec.rb
+++ b/spec/services/projects/create_service_spec.rb
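Review bot: In the added `creates a new project that is not blank` example, `project = Project.last` and `expect(current_path).to eq(project_path(project))` run straight after `click_button('Create project')`; in a `:js` spec neither of them waits for the request to finish, so the lookup can race the create. I would move the `have_content('With initial commits')` expectation ahead of `Project.last` so Capybara waits for the redirect, and replace the path check with `expect(page).to have_current_path(project_path(project))`. The example also depends on the SAST checkbox being pre-checked for the `candidate` variant, and a short comment such as `# candidate variant ships with SAST pre-selected` would make that intent explicit. The surrounding `RSpec.describe` block extends beyond the hunk.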
@@ -622,6 +622,22 @@ RSpec.describe Projects::CreateService, '#execute' do
 end
 end
+ context 'when SAST initialization is requested' do
+ let(:project) { create_project(user, opts) }
+
+ before do
+ opts[:initialize_with_sast] = '1'
+ allow(Gitlab::CurrentSettings).to receive(:default_branch_name).and_return('main')
+ end
+
+ it 'creates a commit for SAST', :aggregate_failures do
+ expect(project.repository.commit_count).to be(1)
+ expect(project.repository.commit.message).to eq(
+ 'Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist'
+ )
+ end
+ end
+
 describe 'create integration for the project' do
 subject(:project) { create_project(user, opts) }
diff --git a/spec/services/security/ci_configuration/sast_create_service_spec.rb b/spec/services/security/ci_configuration/sast_create_service_spec.rb
index 44f8f07a5be..c7e732dc79a 100644
--- a/spec/services/security/ci_configuration/sast_create_service_spec.rb
+++ b/spec/services/security/ci_configuration/sast_create_service_spec.rb
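Review bot: The `creates a commit for SAST` example checks only `commit_count` and the commit message, so it would still pass if the commit carried an empty or wrong `.gitlab-ci.yml`, and the stubbed `default_branch_name` of `'main'` is never asserted. A user who ticks the option will assume scanning is active, so the outcome should be asserted too, for example `expect(project.default_branch).to eq('main')` and `expect(project.repository.blob_at('main', '.gitlab-ci.yml')).to be_present`. A companion example that leaves `initialize_with_sast` unset and expects no such commit would pin the opt-in behaviour. The enclosing `RSpec.describe Projects::CreateService` block continues outside the hunk.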
@@ -23,4 +23,27 @@ RSpec.describe Security::CiConfiguration::SastCreateService, :snowplow do
 end
 include_examples 'services security ci configuration create service'
+
+ context "when committing to the default branch", :aggregate_failures do
+ subject(:result) { described_class.new(project, user, params, commit_on_default: true).execute }
+
+ let(:params) { {} }
+
+ before do
+ project.add_developer(user)
+ end
+
+ it "doesn't try to remove that branch on raised exceptions" do
+ expect(Files::MultiService).to receive(:new).and_raise(StandardError, '_exception_')
+ expect(project.repository).not_to receive(:rm_branch)
+
+ expect { result }.to raise_error(StandardError, '_exception_')
+ end
+
+ it "commits directly to the default branch" do
+ expect(result.status).to eq(:success)
+ expect(result.payload[:success_path]).to match(/#{Gitlab::Routing.url_helpers.project_new_merge_request_url(project, {})}(.*)description(.*)source_branch/)
+ expect(result.payload[:branch]).to eq('master')
+ end
+ end
 end
|
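Review bot: Neither example in the new `when committing to the default branch` context covers a user who may not push to that branch: the only setup is `project.add_developer(user)` and the only result asserted is `:success` on `'master'`. With `commit_on_default: true` the change appears to land without an intermediate branch, so an example with a protected default branch (or a lower role) expecting a non-success result would pin that push permissions are still honoured; the service code is not part of this hunk, so whether it enforces them is unverified here. Separately, the `success_path` matcher interpolates a URL into the regex unescaped, so `.` matches any character; wrap it as `#{Regexp.escape(Gitlab::Routing.url_helpers.project_new_merge_request_url(project, {}))}`. The hard-coded `eq('master')` would read better as `eq(project.default_branch)`.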