author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-30 03:08:33 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-30 03:08:33 +0300 |
commit | 5281a205544b4e6e57f5b3cb8f20a5da4710cdc5 (patch) | |
tree | d61c05f01c524912c1f20fa7d70b751317be8dca | |
parent | d8b32df644a632b143d6b9967311301a2fc83a6b (diff) |
Add latest changes from gitlab-org/gitlab@master
-rw-r--r-- | Gemfile | 2 | ||||
-rw-r--r-- | Gemfile.lock | 102 | ||||
-rw-r--r-- | app/graphql/types/alert_management/alert_type.rb | 6 | ||||
-rw-r--r-- | app/models/ci/job_artifact.rb | 5 | ||||
-rw-r--r-- | changelogs/unreleased/move_migration_to_post_deployment.yml | 5 | ||||
-rw-r--r-- | db/post_migrate/20200519171058_update_index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial.rb (renamed from db/migrate/20200519171058_update_index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial.rb) | 0 | ||||
-rw-r--r-- | doc/api/graphql/reference/gitlab_schema.graphql | 4 | ||||
-rw-r--r-- | doc/api/graphql/reference/gitlab_schema.json | 8 | ||||
-rw-r--r-- | doc/api/graphql/reference/index.md | 2 | ||||
-rw-r--r-- | locale/gitlab.pot | 6 | ||||
-rw-r--r-- | package.json | 2 | ||||
-rw-r--r-- | qa/Gemfile | 2 | ||||
-rw-r--r-- | qa/Gemfile.lock | 6 | ||||
-rw-r--r-- | spec/factories/ci/builds.rb | 8 | ||||
-rw-r--r-- | spec/requests/api/graphql/project/alert_management/alerts_spec.rb | 13 | ||||
-rw-r--r-- | spec/services/ci/retry_build_service_spec.rb | 2 | ||||
-rw-r--r-- | yarn.lock | 8 |
17 files changed, 115 insertions, 66 deletions
@@ -1,6 +1,6 @@ source 'https://rubygems.org' -gem 'rails', '~> 6.0.3.1' +gem 'rails', '~> 6.0.3' gem 'bootsnap', '~> 1.4.6' diff --git a/Gemfile.lock b/Gemfile.lock index e7cb545500c..03d492651ed 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
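Review bot: Relaxing the pin from `'~> 6.0.3.1'` to `'~> 6.0.3'` in this hunk is a downgrade in practice, because Gemfile.lock in the same commit re-resolves rails and every Rails component from 6.0.3.1 back to 6.0.3. The looser constraint would still accept 6.0.3.1, so it is the lockfile, not the Gemfile, that drops the patch release. If 6.0.3.1 was adopted for the fixes it carries, keep `gem 'rails', '~> 6.0.3.1'` and regenerate the lock, or state in the commit message why running without that patch release is acceptable. The same rollback appears for `activesupport` in qa/Gemfile, `minitest` in qa/Gemfile.lock (5.14.1 to 5.14.0) and `@rails/actioncable` in package.json and yarn.lock.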
@@ -6,59 +6,59 @@ GEM ace-rails-ap (4.1.2) acme-client (2.0.5) faraday (~> 0.9, >= 0.9.1) - actioncable (6.0.3.1) - actionpack (= 6.0.3.1) + actioncable (6.0.3) + actionpack (= 6.0.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.0.3.1) - actionpack (= 6.0.3.1) - activejob (= 6.0.3.1) - activerecord (= 6.0.3.1) - activestorage (= 6.0.3.1) - activesupport (= 6.0.3.1) + actionmailbox (6.0.3) + actionpack (= 6.0.3) + activejob (= 6.0.3) + activerecord (= 6.0.3) + activestorage (= 6.0.3) + activesupport (= 6.0.3) mail (>= 2.7.1) - actionmailer (6.0.3.1) - actionpack (= 6.0.3.1) - actionview (= 6.0.3.1) - activejob (= 6.0.3.1) + actionmailer (6.0.3) + actionpack (= 6.0.3) + actionview (= 6.0.3) + activejob (= 6.0.3) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (6.0.3.1) - actionview (= 6.0.3.1) - activesupport (= 6.0.3.1) + actionpack (6.0.3) + actionview (= 6.0.3) + activesupport (= 6.0.3) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.0.3.1) - actionpack (= 6.0.3.1) - activerecord (= 6.0.3.1) - activestorage (= 6.0.3.1) - activesupport (= 6.0.3.1) + actiontext (6.0.3) + actionpack (= 6.0.3) + activerecord (= 6.0.3) + activestorage (= 6.0.3) + activesupport (= 6.0.3) nokogiri (>= 1.8.5) - actionview (6.0.3.1) - activesupport (= 6.0.3.1) + actionview (6.0.3) + activesupport (= 6.0.3) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.0.3.1) - activesupport (= 6.0.3.1) + activejob (6.0.3) + activesupport (= 6.0.3) globalid (>= 0.3.6) - activemodel (6.0.3.1) - activesupport (= 6.0.3.1) - activerecord (6.0.3.1) - activemodel (= 6.0.3.1) - activesupport (= 6.0.3.1) + activemodel (6.0.3) + activesupport (= 6.0.3) + activerecord (6.0.3) + activemodel (= 6.0.3) + activesupport (= 6.0.3) activerecord-explain-analyze (0.1.0) activerecord (>= 4) pg - activestorage (6.0.3.1) - actionpack (= 6.0.3.1) - 
activejob (= 6.0.3.1) - activerecord (= 6.0.3.1) + activestorage (6.0.3) + actionpack (= 6.0.3) + activejob (= 6.0.3) + activerecord (= 6.0.3) marcel (~> 0.3.1) - activesupport (6.0.3.1) + activesupport (6.0.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -801,20 +801,20 @@ GEM rack-test (1.1.0) rack (>= 1.0, < 3) rack-timeout (0.5.1) - rails (6.0.3.1) - actioncable (= 6.0.3.1) - actionmailbox (= 6.0.3.1) - actionmailer (= 6.0.3.1) - actionpack (= 6.0.3.1) - actiontext (= 6.0.3.1) - actionview (= 6.0.3.1) - activejob (= 6.0.3.1) - activemodel (= 6.0.3.1) - activerecord (= 6.0.3.1) - activestorage (= 6.0.3.1) - activesupport (= 6.0.3.1) + rails (6.0.3) + actioncable (= 6.0.3) + actionmailbox (= 6.0.3) + actionmailer (= 6.0.3) + actionpack (= 6.0.3) + actiontext (= 6.0.3) + actionview (= 6.0.3) + activejob (= 6.0.3) + activemodel (= 6.0.3) + activerecord (= 6.0.3) + activestorage (= 6.0.3) + activesupport (= 6.0.3) bundler (>= 1.3.0) - railties (= 6.0.3.1) + railties (= 6.0.3) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.4) actionpack (>= 5.0.1.x) @@ -828,9 +828,9 @@ GEM rails-i18n (6.0.0) i18n (>= 0.7, < 2) railties (>= 6.0.0, < 7) - railties (6.0.3.1) - actionpack (= 6.0.3.1) - activesupport (= 6.0.3.1) + railties (6.0.3) + actionpack (= 6.0.3) + activesupport (= 6.0.3) method_source rake (>= 0.8.7) thor (>= 0.20.3, < 2.0) @@ -1335,7 +1335,7 @@ DEPENDENCIES rack-oauth2 (~> 1.9.3) rack-proxy (~> 0.6.0) rack-timeout - rails (~> 6.0.3.1) + rails (~> 6.0.3) rails-controller-testing rails-i18n (~> 6.0) rainbow (~> 3.0) diff --git a/app/graphql/types/alert_management/alert_type.rb b/app/graphql/types/alert_management/alert_type.rb index db2324aa9e7..1630bf4491d 100644 --- a/app/graphql/types/alert_management/alert_type.rb +++ b/app/graphql/types/alert_management/alert_type.rb 
@@ -88,6 +88,12 @@ module Types [Types::UserType], null: true, description: 'Assignees of the alert' + + def assignees + return User.none unless Feature.enabled?(:alert_assignee, object.project) + + object.assignees + end end end end diff --git a/app/models/ci/job_artifact.rb b/app/models/ci/job_artifact.rb index e764bdd9133..146089c637d 100644 --- a/app/models/ci/job_artifact.rb +++ b/app/models/ci/job_artifact.rb @@ -27,6 +27,7 @@ module Ci accessibility: 'gl-accessibility.json', codequality: 'gl-code-quality-report.json', sast: 'gl-sast-report.json', + secret_detection: 'gl-secret-detection-report.json', dependency_scanning: 'gl-dependency-scanning-report.json', container_scanning: 'gl-container-scanning-report.json', dast: 'gl-dast-report.json', @@ -63,6 +64,7 @@ module Ci accessibility: :raw, codequality: :raw, sast: :raw, + secret_detection: :raw, dependency_scanning: :raw, container_scanning: :raw, dast: :raw, @@ -177,7 +179,8 @@ module Ci cobertura: 17, terraform: 18, # Transformed json accessibility: 19, - cluster_applications: 20 + cluster_applications: 20, + secret_detection: 21 ## EE-specific } enum file_format: { diff --git a/changelogs/unreleased/move_migration_to_post_deployment.yml b/changelogs/unreleased/move_migration_to_post_deployment.yml new file mode 100644 index 00000000000..d70ab5249c4 --- /dev/null +++ b/changelogs/unreleased/move_migration_to_post_deployment.yml @@ -0,0 +1,5 @@ +--- +title: Move migration related to ci_builds to post_deployment +merge_request: 33416 +author: +type: performance diff --git a/db/migrate/20200519171058_update_index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial.rb b/db/post_migrate/20200519171058_update_index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial.rb index e09ad4bdadf..e09ad4bdadf 100644 --- a/db/migrate/20200519171058_update_index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial.rb 
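Review bot: The new `assignees` resolver carries no comment explaining why it returns `User.none` rather than `nil` when `:alert_assignee` is off, even though the field is declared `null: true`. With this choice a client cannot tell a disabled flag from an alert that has no assignees, which is presumably intended so the feature stays invisible. I would add `# Returns an empty relation while :alert_assignee is disabled for the project, so the field looks the same as an alert with no assignees.` above `def assignees`. Only the tail of the field declaration is inside the hunk; the class body starts before it.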
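Review bot: `secret_detection: :raw` in the second job_artifact.rb hunk means the report is stored exactly as the scanner wrote it, and a secret-detection report may well contain the matched secret values themselves. Nothing in these three hunks shows who may download this artifact type, so confirm it falls under the same access restrictions as the other security reports before the type ships. Separately, `secret_detection: 21` in the third hunk is a persisted enum value; a comment such as `# 21 is stored in the database; never renumber or reuse` would protect it. All three hashes start and end outside the hunks.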
+++ b/db/post_migrate/20200519171058_update_index_ci_builds_on_commit_id_and_artifacts_expireatandidpartial.rb diff --git a/doc/api/graphql/reference/gitlab_schema.graphql b/doc/api/graphql/reference/gitlab_schema.graphql index a99f42c2e06..3fd8160aa82 100644 --- a/doc/api/graphql/reference/gitlab_schema.graphql +++ b/doc/api/graphql/reference/gitlab_schema.graphql @@ -12226,7 +12226,8 @@ type Vulnerability { project: Project """ - Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST) + Type of the security report that found the vulnerability (SAST, + DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST, SECRET_DETECTION) """ reportType: VulnerabilityReportType @@ -12444,6 +12445,7 @@ enum VulnerabilityReportType { DAST DEPENDENCY_SCANNING SAST + SECRET_DETECTION } """ diff --git a/doc/api/graphql/reference/gitlab_schema.json b/doc/api/graphql/reference/gitlab_schema.json index 6453a5e701c..0aa6df23262 100644 --- a/doc/api/graphql/reference/gitlab_schema.json +++ b/doc/api/graphql/reference/gitlab_schema.json @@ -36124,7 +36124,7 @@ }, { "name": "reportType", - "description": "Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST)", + "description": "Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST, SECRET_DETECTION)", "args": [ ], @@ -36815,6 +36815,12 @@ "description": null, "isDeprecated": false, "deprecationReason": null + }, + { + "name": "SECRET_DETECTION", + "description": null, + "isDeprecated": false, + "deprecationReason": null } ], "possibleTypes": null diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index e52f5732309..1407868d252 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md 
@@ -1835,7 +1835,7 @@ Represents a vulnerability. | `id` | ID! | GraphQL ID of the vulnerability | | `location` | VulnerabilityLocation | Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability | | `project` | Project | The project on which the vulnerability was found | -| `reportType` | VulnerabilityReportType | Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST) | +| `reportType` | VulnerabilityReportType | Type of the security report that found the vulnerability (SAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING, DAST, SECRET_DETECTION) | | `severity` | VulnerabilitySeverity | Severity of the vulnerability (INFO, UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL) | | `state` | VulnerabilityState | State of the vulnerability (DETECTED, DISMISSED, RESOLVED, CONFIRMED) | | `title` | String | Title of the vulnerability | diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 960b499cd8d..81eca8c6e90 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -2425,6 +2425,9 @@ msgstr "" msgid "Analyze your dependencies for known vulnerabilities." msgstr "" +msgid "Analyze your source code and git history for secrets" +msgstr "" + msgid "Analyze your source code for known vulnerabilities." msgstr "" @@ -19122,6 +19125,9 @@ msgstr "" msgid "Secret" msgstr "" +msgid "Secret Detection" +msgstr "" + msgid "Security" msgstr "" diff --git a/package.json b/package.json index f10b7d0119b..c9f994bf69d 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,7 @@ "@gitlab/svgs": "1.131.0", "@gitlab/ui": "16.1.0", "@gitlab/visual-review-tools": "1.6.1", - "@rails/actioncable": "^6.0.3-1", + "@rails/actioncable": "^6.0.3", "@sentry/browser": "^5.10.2", "@sourcegraph/code-host-integration": "0.0.48", "@toast-ui/editor": "^2.0.1", diff --git a/qa/Gemfile b/qa/Gemfile index d5c682ef76f..6eb8733ab41 100644 --- a/qa/Gemfile +++ b/qa/Gemfile 
@@ -1,7 +1,7 @@ source 'https://rubygems.org' gem 'gitlab-qa' -gem 'activesupport', '~> 6.0.3.1' # This should stay in sync with the root's Gemfile +gem 'activesupport', '~> 6.0.3' # This should stay in sync with the root's Gemfile gem 'capybara', '~> 3.29.0' gem 'capybara-screenshot', '~> 1.0.23' gem 'rake', '~> 12.3.0' diff --git a/qa/Gemfile.lock b/qa/Gemfile.lock index 23324fccdec..9aeba236c96 100644 --- a/qa/Gemfile.lock +++ b/qa/Gemfile.lock @@ -1,7 +1,7 @@ GEM remote: https://rubygems.org/ specs: - activesupport (6.0.3.1) + activesupport (6.0.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -54,7 +54,7 @@ GEM mime-types-data (3.2020.0425) mini_mime (1.0.2) mini_portile2 (2.4.0) - minitest (5.14.1) + minitest (5.14.0) netrc (0.11.0) nokogiri (1.10.9) mini_portile2 (~> 2.4.0) @@ -116,7 +116,7 @@ PLATFORMS ruby DEPENDENCIES - activesupport (~> 6.0.3.1) + activesupport (~> 6.0.3) airborne (~> 0.3.4) capybara (~> 3.29.0) capybara-screenshot (~> 1.0.23) diff --git a/spec/factories/ci/builds.rb b/spec/factories/ci/builds.rb index 26786aab12c..5fee23f1365 100644 --- a/spec/factories/ci/builds.rb +++ b/spec/factories/ci/builds.rb @@ -400,6 +400,14 @@ FactoryBot.define do end end + trait :secret_detection do + options do + { + artifacts: { reports: { secret_detection: 'gl-secret-detection-report.json' } } + } + end + end + trait :dependency_scanning do options do { diff --git a/spec/requests/api/graphql/project/alert_management/alerts_spec.rb b/spec/requests/api/graphql/project/alert_management/alerts_spec.rb index f6f80b55d93..ae819f93ee7 100644 --- a/spec/requests/api/graphql/project/alert_management/alerts_spec.rb +++ b/spec/requests/api/graphql/project/alert_management/alerts_spec.rb 
@@ -137,5 +137,18 @@ describe 'getting Alert Management Alerts' do end end end + + context 'with alert_assignee flag disabled' do + before do + stub_feature_flags(alert_assignee: false) + project.add_developer(current_user) + + post_graphql(query, current_user: current_user) + end + + it 'excludes assignees' do + expect(alerts.first['assignees']).to be_empty + end + end end end diff --git a/spec/services/ci/retry_build_service_spec.rb b/spec/services/ci/retry_build_service_spec.rb index 64e3cda7c91..bc24de9e1d3 100644 --- a/spec/services/ci/retry_build_service_spec.rb +++ b/spec/services/ci/retry_build_service_spec.rb @@ -30,7 +30,7 @@ describe Ci::RetryBuildService do created_at updated_at started_at finished_at queued_at erased_by erased_at auto_canceled_by job_artifacts job_artifacts_archive job_artifacts_metadata job_artifacts_trace job_artifacts_junit - job_artifacts_sast job_artifacts_dependency_scanning + job_artifacts_sast job_artifacts_secret_detection job_artifacts_dependency_scanning job_artifacts_container_scanning job_artifacts_dast job_artifacts_license_management job_artifacts_license_scanning job_artifacts_performance job_artifacts_lsif diff --git a/yarn.lock b/yarn.lock index eba796a4881..a5992d1fa55 100644 --- a/yarn.lock +++ b/yarn.lock @@ -983,10 +983,10 @@ consola "^2.10.1" node-fetch "^2.6.0" -"@rails/actioncable@^6.0.3-1": - version "6.0.3-1" - resolved "https://registry.yarnpkg.com/@rails/actioncable/-/actioncable-6.0.3-1.tgz#9b9eb8858a6507162911007d355d9a206e1c5caa" - integrity sha512-szFhWD+V5TAxVNVIG16klgq+ypqA5k5AecLarTTrXgOG8cawVbQdOAwLbCmzkwiQ60rGSxAFoC1u2LrzxSK2Aw== +"@rails/actioncable@^6.0.3": + version "6.0.3" + resolved "https://registry.yarnpkg.com/@rails/actioncable/-/actioncable-6.0.3.tgz#722b4b639936129307ddbab3a390f6bcacf3e7bc" + integrity sha512-I01hgqxxnOgOtJTGlq0ZsGJYiTEEiSGVEGQn3vimZSqEP1HqzyFNbzGTq14Xdyeow2yGJjygjoFF1pmtE+SQaw== "@sentry/browser@^5.10.2": version "5.10.2" |
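Review bot: `expect(alerts.first['assignees']).to be_empty` in the new context also passes when the first alert simply has no assignees, so on its own it does not prove that the flag hides anything. The setup that creates the alerts is outside the hunk; if it does not assign a user to that alert, add one and assert on that specific alert rather than on `alerts.first`. A companion expectation with the flag enabled, for example `expect(alerts.first['assignees']).not_to be_empty`, would pin both sides of the gate.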