diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-17 00:11:39 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-17 00:11:39 +0300 |
| commit | 7503a3227d99dbf1a981e2a2cf64bd4f42990669 (patch) | |
| tree | 3911bbeee531d339a831f335df599b463a9bf1f3 | |
| parent | 78a62a7c7a773041dcb4fc733534c03c0be4c067 (diff) | |
Add latest changes from gitlab-org/gitlab@master
46 files changed, 1054 insertions, 353 deletions
diff --git a/app/finders/issues_finder.rb b/app/finders/issues_finder.rb index 7595b1c7a15..abf0c180d6b 100644 --- a/app/finders/issues_finder.rb +++ b/app/finders/issues_finder.rb @@ -20,6 +20,7 @@ # sort: string # my_reaction_emoji: string # public_only: boolean +# include_hidden: boolean # due_date: date or '0', '', 'overdue', 'week', or 'month' # created_after: datetime # created_before: datetime @@ -47,8 +48,6 @@ class IssuesFinder < IssuableFinder # rubocop: disable CodeReuse/ActiveRecord def with_confidentiality_access_check - return Issue.all if params.user_can_see_all_issues? - # Only admins can see hidden issues, so for non-admins, we filter out any hidden issues issues = Issue.without_hidden @@ -76,7 +75,9 @@ class IssuesFinder < IssuableFinder private def init_collection - if params.public_only? + if params.include_hidden? + Issue.all + elsif params.public_only? Issue.public_only else with_confidentiality_access_check diff --git a/app/finders/issues_finder/params.rb b/app/finders/issues_finder/params.rb index 2edd8a6f099..02b89f08f9e 100644 --- a/app/finders/issues_finder/params.rb +++ b/app/finders/issues_finder/params.rb @@ -6,6 +6,10 @@ class IssuesFinder params.fetch(:public_only, false) end + def include_hidden? + user_can_see_all_issues? + end + def filter_by_no_due_date? due_date? && params[:due_date] == Issue::NoDueDate.name end diff --git a/app/models/issue.rb b/app/models/issue.rb index dd7a543e026..e0b0c352c22 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb @@ -128,13 +128,15 @@ class Issue < ApplicationRecord } scope :with_issue_type, ->(types) { where(issue_type: types) } - scope :public_only, -> { where(confidential: false) } + scope :public_only, -> { + without_hidden.where(confidential: false) + } + scope :confidential_only, -> { where(confidential: true) } scope :without_hidden, -> { if Feature.enabled?(:ban_user_feature_flag) - where(id: joins('LEFT JOIN banned_users ON banned_users.user_id = issues.author_id WHERE banned_users.user_id IS NULL') - .select('issues.id')) + where('NOT EXISTS (?)', Users::BannedUser.select(1).where('issues.author_id = banned_users.user_id')) else all end diff --git a/app/services/groups/open_issues_count_service.rb b/app/services/groups/open_issues_count_service.rb index 17cf3d38987..c18d239998b 100644 --- a/app/services/groups/open_issues_count_service.rb +++ b/app/services/groups/open_issues_count_service.rb @@ -3,11 +3,15 @@ module Groups # Service class for counting and caching the number of open issues of a group. class OpenIssuesCountService < Groups::CountService - PUBLIC_COUNT_KEY = 'group_public_open_issues_count' - TOTAL_COUNT_KEY = 'group_total_open_issues_count' + # TOTAL_COUNT_KEY includes confidential and hidden issues (admin) + # TOTAL_COUNT_WITHOUT_HIDDEN_KEY includes confidential issues but not hidden issues (reporter and above) + # PUBLIC_COUNT_WITHOUT_HIDDEN_KEY does not include confidential or hidden issues (guest) + TOTAL_COUNT_KEY = 'group_open_issues_including_hidden_count' + TOTAL_COUNT_WITHOUT_HIDDEN_KEY = 'group_open_issues_without_hidden_count' + PUBLIC_COUNT_WITHOUT_HIDDEN_KEY = 'group_open_public_issues_without_hidden_count' def clear_all_cache_keys - [cache_key(PUBLIC_COUNT_KEY), cache_key(TOTAL_COUNT_KEY)].each do |key| + [cache_key(TOTAL_COUNT_KEY), cache_key(TOTAL_COUNT_WITHOUT_HIDDEN_KEY), cache_key(PUBLIC_COUNT_WITHOUT_HIDDEN_KEY)].each do |key| Rails.cache.delete(key) end end @@ -15,7 +19,19 @@ module Groups private def cache_key_name - public_only? ? PUBLIC_COUNT_KEY : TOTAL_COUNT_KEY + if include_hidden? + TOTAL_COUNT_KEY + elsif public_only? + PUBLIC_COUNT_WITHOUT_HIDDEN_KEY + else + TOTAL_COUNT_WITHOUT_HIDDEN_KEY + end + end + + def include_hidden? + strong_memoize(:user_is_admin) do + user&.can_admin_all_resources? + end end def public_only? @@ -35,7 +51,8 @@ module Groups state: 'opened', non_archived: true, include_subgroups: true, - public_only: public_only? + public_only: public_only?, + include_hidden: include_hidden? ).execute end diff --git a/app/services/projects/open_issues_count_service.rb b/app/services/projects/open_issues_count_service.rb index dc450311db2..8b7a418edf5 100644 --- a/app/services/projects/open_issues_count_service.rb +++ b/app/services/projects/open_issues_count_service.rb @@ -7,8 +7,12 @@ module Projects include Gitlab::Utils::StrongMemoize # Cache keys used to store issues count - PUBLIC_COUNT_KEY = 'public_open_issues_count' - TOTAL_COUNT_KEY = 'total_open_issues_count' + # TOTAL_COUNT_KEY includes confidential and hidden issues (admin) + # TOTAL_COUNT_WITHOUT_HIDDEN_KEY includes confidential issues but not hidden issues (reporter and above) + # PUBLIC_COUNT_WITHOUT_HIDDEN_KEY does not include confidential or hidden issues (guest) + TOTAL_COUNT_KEY = 'project_open_issues_including_hidden_count' + TOTAL_COUNT_WITHOUT_HIDDEN_KEY = 'project_open_issues_without_hidden_count' + PUBLIC_COUNT_WITHOUT_HIDDEN_KEY = 'project_open_public_issues_without_hidden_count' def initialize(project, user = nil) @user = user @@ -16,16 +20,53 @@ module Projects super(project) end + # rubocop: disable CodeReuse/ActiveRecord + def refresh_cache(&block) + if block_given? + super(&block) + else + update_cache_for_key(total_count_cache_key) do + issues_with_hidden + end + + update_cache_for_key(public_count_without_hidden_cache_key) do + issues_without_hidden_without_confidential + end + + update_cache_for_key(total_count_without_hidden_cache_key) do + issues_without_hidden_with_confidential + end + end + end + + private + + def relation_for_count + self.class.query(@project, public_only: public_only?, include_hidden: include_hidden?) + end + def cache_key_name - public_only? ? PUBLIC_COUNT_KEY : TOTAL_COUNT_KEY + if include_hidden? + TOTAL_COUNT_KEY + elsif public_only? + PUBLIC_COUNT_WITHOUT_HIDDEN_KEY + else + TOTAL_COUNT_WITHOUT_HIDDEN_KEY + end + end + + def include_hidden? + user_is_admin? end def public_only? !user_is_at_least_reporter? end - def relation_for_count - self.class.query(@project, public_only: public_only?) + def user_is_admin? + strong_memoize(:user_is_admin) do + @user&.can_admin_all_resources? + end end def user_is_at_least_reporter? @@ -34,46 +75,43 @@ module Projects end end - def public_count_cache_key - cache_key(PUBLIC_COUNT_KEY) + def total_count_without_hidden_cache_key + cache_key(TOTAL_COUNT_WITHOUT_HIDDEN_KEY) + end + + def public_count_without_hidden_cache_key + cache_key(PUBLIC_COUNT_WITHOUT_HIDDEN_KEY) end def total_count_cache_key cache_key(TOTAL_COUNT_KEY) end - # rubocop: disable CodeReuse/ActiveRecord - def refresh_cache(&block) - if block_given? - super(&block) - else - count_grouped_by_confidential = self.class.query(@project, public_only: false).group(:confidential).count - public_count = count_grouped_by_confidential[false] || 0 - total_count = public_count + (count_grouped_by_confidential[true] || 0) + def issues_with_hidden + self.class.query(@project, public_only: false, include_hidden: true).count + end - update_cache_for_key(public_count_cache_key) do - public_count - end + def issues_without_hidden_without_confidential + self.class.query(@project, public_only: true, include_hidden: false).count + end - update_cache_for_key(total_count_cache_key) do - total_count - end - end + def issues_without_hidden_with_confidential + self.class.query(@project, public_only: false, include_hidden: false).count end - # rubocop: enable CodeReuse/ActiveRecord - # We only show total issues count for reporters - # which are allowed to view confidential issues + # We only show total issues count for admins, who are allowed to view hidden issues. + # We also only show issues count including confidential for reporters, who are allowed to view confidential issues. # This will still show a discrepancy on issues number but should be less than before. # Check https://gitlab.com/gitlab-org/gitlab-foss/issues/38418 description. # rubocop: disable CodeReuse/ActiveRecord - def self.query(projects, public_only: true) - issues_filtered_by_type = Issue.opened.with_issue_type(Issue::TYPES_FOR_LIST) - if public_only - issues_filtered_by_type.public_only.where(project: projects) + def self.query(projects, public_only: true, include_hidden: false) + if include_hidden + Issue.opened.with_issue_type(Issue::TYPES_FOR_LIST).where(project: projects) + elsif public_only + Issue.public_only.opened.with_issue_type(Issue::TYPES_FOR_LIST).where(project: projects) else - issues_filtered_by_type.where(project: projects) + Issue.without_hidden.opened.with_issue_type(Issue::TYPES_FOR_LIST).where(project: projects) end end # rubocop: enable CodeReuse/ActiveRecord diff --git a/app/views/groups/_home_panel.html.haml b/app/views/groups/_home_panel.html.haml index a096cdb2e57..0352f366f5d 100644 --- a/app/views/groups/_home_panel.html.haml +++ b/app/views/groups/_home_panel.html.haml @@ -13,11 +13,11 @@ = @group.name %span.visibility-icon.text-secondary.gl-ml-2.has-tooltip{ data: { container: 'body' }, title: visibility_icon_description(@group) } = visibility_level_icon(@group.visibility_level, options: {class: 'icon'}) - .home-panel-metadata.d-flex.align-items-center.text-secondary + .home-panel-metadata.text-secondary %span = _("Group ID: %{group_id}") % { group_id: @group.id } - if current_user - %span.access-request-links.gl-ml-3 + %span.gl-ml-3 = render 'shared/members/access_request_links', source: @group .home-panel-buttons.col-md-12.col-lg-6 diff --git a/app/views/projects/_home_panel.html.haml b/app/views/projects/_home_panel.html.haml index e1769d40ce7..f2cee618849 100644 --- a/app/views/projects/_home_panel.html.haml +++ b/app/views/projects/_home_panel.html.haml @@ -15,13 +15,13 @@ %span.visibility-icon.text-secondary.gl-ml-2.has-tooltip{ data: { container: 'body' }, title: visibility_icon_description(@project) } = visibility_level_icon(@project.visibility_level, options: { class: 'icon' }) = render_if_exists 'compliance_management/compliance_framework/compliance_framework_badge', project: @project - .home-panel-metadata.d-flex.flex-wrap.text-secondary.gl-font-base.gl-font-weight-normal.gl-line-height-normal + .home-panel-metadata.text-secondary.gl-font-base.gl-font-weight-normal.gl-line-height-normal - if can?(current_user, :read_project, @project) - button_class = "btn gl-button btn-sm btn-tertiary btn-default-tertiary home-panel-metadata" - button_text = s_('ProjectPage|Project ID: %{project_id}') % { project_id: @project.id } = clipboard_button(title: s_('ProjectPage|Copy project ID'), text: @project.id, hide_button_icon: true, button_text: button_text, class: button_class, qa_selector: 'project_id_content', itemprop: 'identifier') - if current_user - %span.access-request-links.gl-ml-3 + %span.gl-display-inline-block.gl-vertical-align-middle.gl-ml-3 = render 'shared/members/access_request_links', source: @project .gl-mt-3.gl-pl-3.gl-w-full diff --git a/app/views/shared/members/_access_request_links.html.haml b/app/views/shared/members/_access_request_links.html.haml index a983a736a1e..8600db25e65 100644 --- a/app/views/shared/members/_access_request_links.html.haml +++ b/app/views/shared/members/_access_request_links.html.haml @@ -5,13 +5,11 @@ = link_to link_text, polymorphic_path([:leave, source, :members]), method: :delete, data: { confirm: leave_confirmation_message(source), qa_selector: 'leave_group_link' }, - class: '.gl-pl-3.gl-border-l-1.gl-border-l-solid.gl-border-l-gray-500 js-leave-link' + class: 'js-leave-link' - elsif requester = source.requesters.find_by(user_id: current_user.id) # rubocop: disable CodeReuse/ActiveRecord = link_to _('Withdraw Access Request'), polymorphic_path([:leave, source, :members]), method: :delete, - data: { confirm: remove_member_message(requester) }, - class: '.gl-pl-3.gl-border-l-1.gl-border-l-solid.gl-border-l-gray-500' + data: { confirm: remove_member_message(requester) } - elsif source.request_access_enabled && can?(current_user, :request_access, source) = link_to _('Request Access'), polymorphic_path([:request_access, source, :members]), - method: :post, - class: '.gl-pl-3.gl-border-l-1.gl-border-l-solid.gl-border-l-gray-500' + method: :post diff --git a/config/feature_flags/development/variable_inside_variable.yml b/config/feature_flags/development/variable_inside_variable.yml index fee4897b3f0..2060958590f 100644 --- a/config/feature_flags/development/variable_inside_variable.yml +++ b/config/feature_flags/development/variable_inside_variable.yml @@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/297382 milestone: '13.11' type: development group: group::runner -default_enabled: true +default_enabled: false diff --git a/doc/administration/consul.md b/doc/administration/consul.md index c88047c4c61..9289fc7cc61 100644 --- a/doc/administration/consul.md +++ b/doc/administration/consul.md @@ -21,7 +21,7 @@ Before configuring Consul: 1. Review the [reference architecture](reference_architectures/index.md#available-reference-architectures) documentation to determine the number of Consul server nodes you should have. -1. If necessary, ensure the [appropriate ports are open](https://docs.gitlab.com/omnibus/package-information/defaults.html#ports) in your firewall. +1. If necessary, ensure the [appropriate ports are open](package-information/defaults.md#ports) in your firewall. ## Configure the Consul nodes diff --git a/doc/administration/geo/index.md b/doc/administration/geo/index.md index 4ee3c77da2e..82f13fe1e38 100644 --- a/doc/administration/geo/index.md +++ b/doc/administration/geo/index.md @@ -138,7 +138,7 @@ The following table lists basic ports that must be open between the **primary** | 22 | 22 | TCP | | 5432 | | PostgreSQL | -See the full list of ports used by GitLab in [Package defaults](https://docs.gitlab.com/omnibus/package-information/defaults.html) +See the full list of ports used by GitLab in [Package defaults](../package-information/defaults.md) NOTE: [Web terminal](../../ci/environments/index.md#web-terminals) support requires your load balancer to correctly handle WebSocket connections. diff --git a/doc/administration/package-information/defaults.md b/doc/administration/package-information/defaults.md new file mode 100644 index 00000000000..45bea065995 --- /dev/null +++ b/doc/administration/package-information/defaults.md @@ -0,0 +1,72 @@ +--- +stage: Enablement +group: Distribution +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +--- + +# Package defaults + +Unless configuration is specified in the `/etc/gitlab/gitlab.rb` file, +the package will assume the defaults as noted below. + +## Ports + +See the table below for the list of ports that the Omnibus GitLab assigns +by default: + +| Component | On by default | Communicates via | Alternative | Connection port | +| :----------------------------------------------------: | :------------: | :--------------: | :---------: | :------------------------------------: | +| <a name="gitlab-rails"></a> GitLab Rails | Yes | Port | X | 80 or 443 | +| <a name="gitlab-shell"></a> GitLab Shell | Yes | Port | X | 22 | +| <a name="postgresql"></a> PostgreSQL | Yes | Socket | Port (5432) | X | +| <a name="redis"></a> Redis | Yes | Socket | Port (6379) | X | +| <a name="puma"></a> Puma | Yes | Socket | Port (8080) | X | +| <a name="gitlab-workhorse"></a> GitLab Workhorse | Yes | Socket | Port (8181) | X | +| <a name="nginx-status"></a> NGINX status | Yes | Port | X | 8060 | +| <a name="prometheus"></a> Prometheus | Yes | Port | X | 9090 | +| <a name="node-exporter"></a> Node exporter | Yes | Port | X | 9100 | +| <a name="redis-exporter"></a> Redis exporter | Yes | Port | X | 9121 | +| <a name="postgres-exporter"></a> PostgreSQL exporter | Yes | Port | X | 9187 | +| <a name="pgbouncer-exporter"></a> PgBouncer exporter | No | Port | X | 9188 | +| <a name="gitlab-exporter"></a> GitLab Exporter | Yes | Port | X | 9168 | +| <a name="sidekiq-exporter"></a> Sidekiq exporter | Yes | Port | X | 8082 | +| <a name="puma-exporter"></a> Puma exporter | No | Port | X | 8083 | +| <a name="geo-postgresql"></a> Geo PostgreSQL | No | Socket | Port (5431) | X | +| <a name="redis-sentinel"></a> Redis Sentinel | No | Port | X | 26379 | +| <a name="incoming-email"></a> Incoming email | No | Port | X | 143 | +| <a name="elasticsearch"></a> Elastic search | No | Port | X | 9200 | +| <a name="gitlab-pages"></a> GitLab Pages | No | Port | X | 80 or 443 | +| <a name="gitlab-registry-web"></a> GitLab Registry | No* | Port | X | 80, 443 or 5050 | +| <a name="gitlab-registry"></a> GitLab Registry | No | Port | X | 5000 | +| <a name="ldap"></a> LDAP | No | Port | X | Depends on the component configuration | +| <a name="kerberos"></a> Kerberos | No | Port | X | 8443 or 8088 | +| <a name="omniauth"></a> OmniAuth | Yes | Port | X | Depends on the component configuration | +| <a name="smtp"></a> SMTP | No | Port | X | 465 | +| <a name="remote-syslog"></a> Remote syslog | No | Port | X | 514 | +| <a name="mattermost"></a> Mattermost | No | Port | X | 8065 | +| <a name="mattermost-web"></a> Mattermost | No | Port | X | 80 or 443 | +| <a name="pgbouncer"></a> PgBouncer | No | Port | X | 6432 | +| <a name="consul"></a> Consul | No | Port | X | 8300, 8301(UDP), 8500, 8600[^Consul-notes] | +| <a name="patroni"></a> Patroni | No | Port | X | 8008 | +| <a name="gitlab-kas"></a> GitLab KAS | No | Port | X | 8150 | +| <a name="gitaly"></a> Gitaly | No | Port | X | 8075 | + +Legend: + +- `Component` - Name of the component. +- `On by default` - Is the component running by default. +- `Communicates via` - How the component talks with the other components. +- `Alternative` - If it is possible to configure the component to use different type of communication. The type is listed with default port used in that case. +- `Connection port` - Port on which the component communicates. + +GitLab also expects a filesystem to be ready for the storage of Git repositories +and various other files. + +Note that if you are using NFS (Network File System), files will be carried +over a network which will require, based on implementation, ports `111` and +`2049` to be open. + +NOTE: +In some cases, the GitLab Registry will be automatically enabled by default. Please see [our documentation](../packages/container_registry.md) for more details + + [^Consul-notes]: If using additional Consul functionality, more ports may need to be opened. See the [official documentation](https://www.consul.io/docs/install/ports#ports-table) for the list. diff --git a/doc/administration/package-information/deprecated_os.md b/doc/administration/package-information/deprecated_os.md new file mode 100644 index 00000000000..251dbe1e20e --- /dev/null +++ b/doc/administration/package-information/deprecated_os.md @@ -0,0 +1,82 @@ +--- +stage: Enablement +group: Distribution +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +--- + +# OS Versions that are no longer supported + +GitLab provides omnibus packages for operating systems only until their +EOL (End-Of-Life). After the EOL date of the OS, GitLab will stop releasing +official packages. The list of deprecated operating systems and the final GitLab +release for them can be found below: + +| OS Version | End Of Life | Last supported GitLab version | +| --------------- | ---------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Raspbian Wheezy | [May 2015](https://downloads.raspberrypi.org/raspbian/images/raspbian-2015-05-07/) | [GitLab CE](https://packages.gitlab.com/app/gitlab/raspberry-pi2/search?q=gitlab-ce_8.17&dist=debian%2Fwheezy) 8.17 | +| OpenSUSE 13.2 | [January 2017](https://en.opensuse.org/Lifetime#Discontinued_distributions) | [GitLab CE](https://packages.gitlab.com/app/gitlab/gitlab-ce/search?q=gitlab-ce-9.1&dist=opensuse%2F13.2) / [GitLab EE](https://packages.gitlab.com/app/gitlab/gitlab-ee/search?q=gitlab-ee-9.1&dist=opensuse%2F13.2) 9.1 | +| Ubuntu 12.04 | [April 2017](https://ubuntu.com/info/release-end-of-life) | [GitLab CE](https://packages.gitlab.com/app/gitlab/gitlab-ce/search?q=gitlab-ce_9.1&dist=ubuntu%2Fprecise) / [GitLab EE](https://packages.gitlab.com/app/gitlab/gitlab-ee/search?q=gitlab-ee_9.1&dist=ubuntu%2Fprecise) 9.1 | +| OpenSUSE 42.1 | [May 2017](https://en.opensuse.org/Lifetime#Discontinued_distributions) | [GitLab CE](https://packages.gitlab.com/app/gitlab/gitlab-ce/search?q=gitlab-ce-9.3&dist=opensuse%2F42.1) / [GitLab EE](https://packages.gitlab.com/app/gitlab/gitlab-ee/search?q=gitlab-ee-9.3&dist=opensuse%2F42.1) 9.3 | +| OpenSUSE 42.2 | [January 2018](https://en.opensuse.org/Lifetime#Discontinued_distributions) | [GitLab CE](https://packages.gitlab.com/app/gitlab/gitlab-ce/search?q=gitlab-ce-10.4&dist=opensuse%2F42.2) / [GitLab EE](https://packages.gitlab.com/app/gitlab/gitlab-ee/search?q=gitlab-ee-10.4&dist=opensuse%2F42.2) 10.4 | +| Debian Wheezy | [May 2018](https://www.debian.org/News/2018/20180601) | [GitLab CE](https://packages.gitlab.com/app/gitlab/gitlab-ce/search?q=gitlab-ce_11.6&dist=debian%2Fwheezy) / [GitLab EE](https://packages.gitlab.com/app/gitlab/gitlab-ee/search?q=gitlab-ee_11.6&dist=debian%2Fwheezy) 11.6 | +| Raspbian Jessie | [May 2017](https://downloads.raspberrypi.org/raspbian/images/raspbian-2017-07-05/) | [GitLab CE](https://packages.gitlab.com/app/gitlab/raspberry-pi2/search?q=gitlab-ce_11.7&dist=debian%2Fjessie) 11.7 | +| Ubuntu 14.04 | [April 2019](https://ubuntu.com/info/release-end-of-life) | [GitLab CE](https://packages.gitlab.com/app/gitlab/gitlab-ce/search?q=gitlab-ce_11.10&dist=ubuntu%2Ftrusty) / [GitLab EE](https://packages.gitlab.com/app/gitlab/gitlab-ee/search?q=gitlab-ee_11.10&dist=ubuntu%2Ftrusty) 11.10 | +| OpenSUSE 42.3 | [July 2019](https://en.opensuse.org/Lifetime#Discontinued_distributions) | [GitLab CE](https://packages.gitlab.com/app/gitlab/gitlab-ce/search?q=gitlab-ce-12.1&dist=opensuse%2F42.3) / [GitLab EE](https://packages.gitlab.com/app/gitlab/gitlab-ee/search?q=gitlab-ee-12.1&dist=opensuse%2F42.3) 12.1 | +| OpenSUSE 15.0 | [December 2019](https://en.opensuse.org/Lifetime#Discontinued_distributions) | [GitLab CE](https://packages.gitlab.com/app/gitlab/gitlab-ce/search?q=gitlab-ce-12.5&dist=opensuse%2F15.0) / [GitLab EE](https://packages.gitlab.com/app/gitlab/gitlab-ee/search?q=gitlab-ee-12.5&dist=opensuse%2F15.0) 12.5 | +| Raspbian Stretch | [June 2020](https://downloads.raspberrypi.org/raspbian/images/raspbian-2019-04-09/) | [GitLab CE](https://packages.gitlab.com/app/gitlab/raspberry-pi2/search?q=gitlab-ce_13.2&dist=raspbian%2Fstretch) 13.3 | +| Debian Jessie | [June 2020](https://www.debian.org/News/2020/20200709) | [GitLab CE](https://packages.gitlab.com/app/gitlab/gitlab-ce/search?q=gitlab-ce_13.2&dist=debian%2Fjessie) / [GitLab EE](https://packages.gitlab.com/app/gitlab/gitlab-ee/search?q=gitlab-ee_13.2&dist=debian%2Fjessie) 13.3 | +| CentOS 6 | [November 2020](https://wiki.centos.org/About/Product) | [GitLab CE](https://packages.gitlab.com/app/gitlab/gitlab-ce/search?q=13.6&filter=all&filter=all&dist=el%2F6) / [GitLab EE](https://packages.gitlab.com/app/gitlab/gitlab-ee/search?q=13.6&filter=all&filter=all&dist=el%2F6) 13.6 | +| OpenSUSE 15.1 | [November 2020](https://en.opensuse.org/Lifetime#Discontinued_distributions) | [GitLab CE](https://packages.gitlab.com/app/gitlab/gitlab-ce/search?q=gitlab-ce-13.12&dist=opensuse%2F15.1) / [GitLab EE](https://packages.gitlab.com/app/gitlab/gitlab-ee/search?q=gitlab-ee-13.12&dist=opensuse%2F15.2) 13.12 | +| Ubuntu 16.04 | [April 2021](https://ubuntu.com/info/release-end-of-life) | [GitLab CE](https://packages.gitlab.com/app/gitlab/gitlab-ce/search?q=gitlab-ce_13.12&dist=ubuntu%2Fxenial) / [GitLab EE](https://packages.gitlab.com/app/gitlab/gitlab-ee/search?q=gitlab-ee_13.12&dist=ubuntu%2Fxenial) 13.12 | + +NOTE: +An exception to this deprecation policy is when we are unable to provide +packages for the next version of the operating system. The most common reason +for this our package repository provider, Packagecloud, not supporting newer +versions and hence we can't upload packages to it. + +## Update GitLab package sources after upgrading the OS + +After upgrading the Operating System (OS) as per its own documentation, +it may be necessary to also update the GitLab package source URL +in your package manager configuration. +If your package manager reports that no further updates are available, +although [new versions have been released](https://about.gitlab.com/releases/categories/releases/), repeat the +"Add the GitLab package repository" instructions +of the [Linux package install guide](https://about.gitlab.com/install/#content). +Future GitLab upgrades will now be fetched according to your upgraded OS. + +## Supported Operating Systems + +GitLab officially supports LTS versions of operating systems. While OSs like +Ubuntu have a clear distinction between LTS and non-LTS versions, there are +other OSs, openSUSE for example, that don't follow the LTS concept. Hence to +avoid confusion, the official policy is that at any point of time, all the +operating systems supported by GitLab are listed in the [installation +page](https://about.gitlab.com/install/). + +The following lists the currently supported OSs and their possible EOL dates. + +| OS Version | First supported GitLab version | Arch | OS EOL | Details | +| ---------------- | ------------------------------ | --------------- | ------------- | ------------------------------------------------------------ | +| CentOS 7 | GitLab CE / GitLab EE 7.10.0 | x86_64 | June 2024 | <https://wiki.centos.org/About/Product> | +| CentOS 8 | GitLab CE / GitLab EE 12.8.1 | x86_64, aarch64 | Dec 2021 | <https://wiki.centos.org/About/Product> | +| Debian 9 | GitLab CE / GitLab EE 9.3.0 | amd64 | 2022 | <https://wiki.debian.org/DebianReleases#Production_Releases> | +| Debian 10 | GitLab CE / GitLab EE 12.2.0 | amd64, arm64 | TBD | <https://wiki.debian.org/DebianReleases#Production_Releases> | +| OpenSUSE 15.2 | GitLab CE / GitLab EE 13.11.0 | x86_64, aarch64 | Dec 2021 | <https://en.opensuse.org/Lifetime> | +| SLES 12 | GitLab EE 9.0.0 | x86_64 | Oct 2027 | <https://www.suse.com/lifecycle/> | +| Ubuntu 18.04 | GitLab CE / GitLab EE 10.7.0 | amd64 | April 2023 | <https://wiki.ubuntu.com/Releases> | +| Ubuntu 20.04 | GitLab CE / GitLab EE 13.2.0 | amd64, arm64 | April 2025 | <https://wiki.ubuntu.com/Releases> | +| Raspbian Buster | GitLab CE 12.2.0 | armhf | 2022 | <https://wiki.debian.org/DebianReleases#Production_Releases> | + +### Packages for ARM64 + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-omnibus-builder/-/issues/27) in GitLab 13.4. + +GitLab provides arm64/aarch64 packages for some supported operating systems. +You can see if your operating system architecture is supported in the table +above. + +WARNING: +There are currently still some [known issues and limitation](https://gitlab.com/groups/gitlab-org/-/epics/4397) +running GitLab on ARM. diff --git a/doc/administration/package-information/deprecation_policy.md b/doc/administration/package-information/deprecation_policy.md new file mode 100644 index 00000000000..cc16661442a --- /dev/null +++ b/doc/administration/package-information/deprecation_policy.md @@ -0,0 +1,95 @@ +--- +stage: Enablement +group: Distribution +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +--- + +# Deprecation policy + +The Omnibus GitLab packages come with number of different libraries and services which offers users plethora of configuration options. + +As libraries and services get updated, their configuration options change +and become obsolete. To increase maintainability and preserve a working +setup, various configuration requires removal. + +## Configuration deprecation + +### Policy + +The Omnibus GitLab package will retain configuration for at least **one major** +version. We cannot guarantee that deprecated configuration +will be available in the next major release. See [example](#example) for more details. + +### Notice + +If the configuration becomes obsolete, we will announce the deprecation: + +- via release blog post on `https://about.gitlab.com/blog/`. The blog post item + will contain the deprecation notice together with the target removal date. +- via installation/reconfigure output (if applicable). +- via official documentation on `https://docs.gitlab.com/`. The documentation update will contain the corrected syntax (if applicable) or a date of configuration removal. + +### Procedure + +This section lists steps necessary for deprecating and removing configuration. + +We can differentiate two different types of configuration: + +- Sensitive: Configuration that can cause major service outage ( Data integrity, + installation integrity, preventing users from reaching the installation, etc.) +- Regular: Configuration that can make a feature unavailable but still makes the installation useable ( Change in default project/group settings, miscommunication with other components and similar ) + +We also need to differentiate deprecation and removal procedure. + +#### Deprecating configuration + +Deprecation procedure is similar for both `sensitive` and `regular` configuration. The only difference is in the removal target date. + +Common steps: + +1. Create an issue at the [Omnibus GitLab issue tracker](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues) with details on deprecation type and other necessary information. Apply the label `deprecation`. +1. Decide on the removal target for the deprecated configuration +1. Formulate deprecation notice for each item as noted in [Notice section](#notice) + +Removal target: + +For regular configuration, removal target should always be the date of the **next major** release. If the date is not known, you can reference the next major version. + +For sensitive configuration things are a bit more complicated. +We should aim to not remove sensitive configuration in the *next major* release if the next major release is 2 minor releases away (This number is chosen to match our security backport release policy). + +See the table below for some examples: + +| Config. type | Deprecation announced | Final minor release | Remove | +| -------- | -------- | -------- | -------- | +| Sensitive | 10.1.0 | 10.9.0 | 11.0.0 | +| Sensitive | 10.7.0 | 10.9.0 | 12.0.0 | +| Regular | 10.1.0 | 10.9.0 | 11.0.0 | +| Regular | 10.8.0 | 10.9.0 | 11.0.0 | + +#### Removing configuration + +When deprecation is announced and removal target set, the milestone for the issue +should be changed to match the removal target version. + +The final comment in the issue **has to have**: + +1. Text snippet for the release blog post section +1. Documentation MR ( or snippet ) for introducing the change +1. Draft MR removing the configuration OR details on what needs to be done. See [Adding deprecation messages](https://docs.gitlab.com/omnibus/development/adding-deprecation-messages.html) for more on this + +## Example + +User configuration available in `/etc/gitlab/gitlab.rb` was introduced in GitLab version 10.0, `gitlab_rails['configuration'] = true`. In GitLab version 10.4.0, a new change was introduced that requires rename of this configuration option. New configuration option is `gitlab_rails['better_configuration'] = true`. Development team will translate the old configuration into new one +and trigger a deprecation procedure. + +This means that these two configuration +options will both be valid through GitLab version 10. In other words, +if you still have `gitlab_rails['configuration'] = true` set in GitLab 10.8.0 +the feature will continue working the same way as if you had `gitlab_rails['better_configuration'] = true` set. +However, setting the old version of configuration will print out a deprecation +notice at the end of installation/upgrade/reconfigure run. + +With GitLab 11, `gitlab_rails['configuration'] = true` will no longer work and you will have to manually change the configuration in `/etc/gitlab/gitlab.rb` to the new valid config. +**Note** If this configuration option is sensitive and can put integrity of the installation or +data in danger, installation/upgrade will be aborted. diff --git a/doc/administration/package-information/index.md b/doc/administration/package-information/index.md new file mode 100644 index 00000000000..e18fb621b89 --- /dev/null +++ b/doc/administration/package-information/index.md @@ -0,0 +1,101 @@ +--- +stage: Enablement +group: Distribution +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +--- + +# Package information + +The Omnibus GitLab package is bundled with all dependencies required for GitLab +to function correctly. More details can be found +at [bundling dependencies document](omnibus_packages.md). + +## Package Version + +The released package versions are in the format `MAJOR.MINOR.PATCH-EDITION.OMNIBUS_RELEASE` + +| Component | Meaning | Example | +| --------- | ------- | ------- | +| MAJOR.MINOR.PATCH | The GitLab version this corresponds to | 13.3.0 | +| EDITION | The edition of GitLab this corresponds to | ee | +| OMNIBUS_RELEASE | The omnibus release. Usually, this will be 0. This will be incremented if we need to build a new package without changing the GitLab version. | 0 | + +## Licenses + +See [licensing](licensing.md) + +## Defaults + +The Omnibus GitLab package requires various configuration to get the +components in working order. +If the configuration is not provided, the package will use the default +values assumed in the package. + +These defaults are noted in the package [defaults document](defaults.md). + +## Checking the versions of bundled software + +Once the Omnibus GitLab package is installed, all versions of the bundled +libraries are located in `/opt/gitlab/version-manifest.txt`. + +If you don't have the package installed, you can always check the Omnibus GitLab +[source repository](https://gitlab.com/gitlab-org/omnibus-gitlab/tree/master), specifically the +[config directory](https://gitlab.com/gitlab-org/omnibus-gitlab/tree/master/config). + +For example, if you take a look at the `8-6-stable` branch, you can conclude that +8.6 packages were running [Ruby 2.1.8](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/8-6-stable/config/projects/gitlab.rb#L48). +Or, that 8.5 packages were bundled with [NGINX 1.9.0](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/8-5-stable/config/software/nginx.rb#L20). + +## Signatures of GitLab, Inc. provided packages + +Documentation on package signatures can be found at [Signed Packages](signed_packages.md) + +## Checking for newer configuration options on upgrade + +Configuration file in `/etc/gitlab/gitlab.rb` is created on initial installation +of the Omnibus GitLab package. On subsequent package upgrades, the configuration +file is not updated with new configuration. This is done in order to avoid +accidental overwrite of user configuration provided in `/etc/gitlab/gitlab.rb`. + +New configuration options are noted in the +[`gitlab.rb.template` file](https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template). + +The Omnibus GitLab package also provides convenience command which will +compare the existing user configuration with the latest version of the +template contained in the package. + +To view a diff between your configuration file and the latest version, run: + +```shell +sudo gitlab-ctl diff-config +``` + +_**Note:** This command is available from GitLab 8.17_ + +**Important:** If you are copy-pasting the output of this command into your +`/etc/gitlab/gitlab.rb` configuration file, make sure to omit leading `+` and `-` +on each line. + +## Init system detection + +Omnibus GitLab will attempt to query the underlaying system in order to +check which init system it uses. +This manifests itself as a `WARNING` during the `sudo gitlab-ctl reconfigure` +run. + +Depending on the init system, this `WARNING` can be one of: + +```plaintext +/sbin/init: unrecognized option '--version' +``` + +when the underlying init system *IS NOT* upstart. + +```plaintext + -.mount loaded active mounted / +``` + +when the underlying init system *IS* systemd. + +These warnings _can be safely ignored_. They are not suppressed because this +allows everyone to debug possible detection issues faster. diff --git a/doc/administration/package-information/licensing.md b/doc/administration/package-information/licensing.md new file mode 100644 index 00000000000..8557a94bf93 --- /dev/null +++ b/doc/administration/package-information/licensing.md @@ -0,0 +1,79 @@ +--- +stage: Enablement +group: Distribution +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +--- + +# Package Licensing + +## License + +While GitLab itself is MIT, the Omnibus GitLab sources are licensed under the Apache-2.0. + +## License file location + +Starting with version 8.11, the Omnibus GitLab package contains license +information of all software that is bundled within the package. + +After installing the package, licenses for each individual bundled library +can be found in `/opt/gitlab/LICENSES` directory. + +There is also one `LICENSE` file which contains all licenses compiled together. +This compiled license can be found in `/opt/gitlab/LICENSE` file. + +Starting with version 9.2, the Omnibus GitLab package ships a +`dependency_licenses.json` file containing version and license information of +all bundled software, including software libraries, Ruby gems that the rails +application uses, and JavaScript libraries that is required for the frontend +components. This file, being in JSON format, is easily machine parseable and +can be used for automated checks or validations. The file may be found at +`/opt/gitlab/dependency_licenses.json`. + +Starting with version 11.3, we have also made the license information available +online, at: <https://gitlab-org.gitlab.io/omnibus-gitlab/licenses.html> + +## Checking licenses + +The Omnibus GitLab package is made up of many pieces of software, comprising code +that is covered by many different licenses. Those licenses are provided and +compiled as stated above. + +Starting with version 8.13, GitLab has placed an additional step into +Omnibus GitLab. The `license_check` step calls +`lib/gitlab/tasks/license_check.rake`, which checks the compiled `LICENSE` file +against the current list of approved and questionable licenses as denoted in the +arrays at the top of the script. This script will output one of `Good`, +`Unknown` or `Check` for each piece of software that is a part of the +Omnibus GitLab package. + +- `Good`: denotes a license that is approved for all usage types, within GitLab and + Omnibus GitLab. +- `Unknown`: denotes a license that is not recognized in the list of 'good' or 'bad', + which should be immediately reviewed for implications of use. +- `Check`: denotes a license that has the potential be incompatible with GitLab itself, + and thus should be checked for how it is used as a part of the Omnibus GitLab package + to ensure compliance. + +This list is currently sourced from the [GitLab development documentation on licensing](https://gitlab.com/gitlab-org/gitlab-foss/blob/master/doc/development/licensing.md). +However, due to the nature of the Omnibus GitLab package the licenses may not apply +in the same way. Such as with `git` and `rsync`. See the [GNU License FAQ](https://www.gnu.org/licenses/gpl-faq.en.html#MereAggregation) + +## License acknowledgements + +### libjpeg-turbo - BSD 3-clause license + +This software is based in part on the work of the Independent JPEG Group. + +## Trademark Usage + +Within the GitLab documentation, reference to third party technology(ies) and/or trademarks of third party entities, may be made. The inclusion of reference to third party technology and/or entities is solely for the purposes of example(s) of how GitLab software may interact with, or be used in conjunction with, such third party technology. +All trademarks, materials, documentation, and other intellectual property remain the property of any/all such third party. + +### Trademark Requirements + +Use of GitLab Trademarks must be in compliance with the standards set forth in [our guidelines](https://about.gitlab.com/handbook/marketing/corporate-marketing/brand-activation/trademark-guidelines/) (as updated from time to time). +CHEF® and all Chef marks are owned by Progress Software Corporation and must be used in accordance with the [Progress Software Trademark Usage Policy](https://www.progress.com/legal/trademarks). + +When using a GitLab or 3rd party trademark in documentation, include the (R) symbol in the first instance, for example, "Chef(R) is used for configuring...." You may omit the symbol in subsequent instances. + +If a trademark owner requires a particular notice or trademark requirement, such notice or requirement should be stated above. diff --git a/doc/administration/package-information/omnibus_packages.md b/doc/administration/package-information/omnibus_packages.md new file mode 100644 index 00000000000..aa73534fc55 --- /dev/null +++ b/doc/administration/package-information/omnibus_packages.md @@ -0,0 +1,115 @@ +--- +stage: Enablement +group: Distribution +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +--- + +# Omnibus based packages and images + +Below you can find some basic information on why GitLab provides packages and +a Docker image that come with bundled dependencies. + +These methods are great for physical and virtual machine installations, and simple Docker installations. + +## Goals + +We have a few core goals with these packages: + +1. Extremely easy to install, upgrade, maintain. +1. Support for a wide variety of operating systems +1. Wide support of cloud service providers + +## Omnibus GitLab Architecture + +GitLab in its core is a Ruby on Rails project. However, GitLab as a whole +application is more complex and has multiple components. If these components are +not present or are incorrectly configured, GitLab will not work or it will work +unpredictably. + +The [GitLab Architecture Overview](../../development/architecture.md#gitlab-architecture-overview) shows some of these components and how they +interact. Each of these components needs to be configured and kept up to date. + +Most of the components also have external dependencies. For example, the Rails +application depends on a number of [Ruby gems](https://gitlab.com/gitlab-org/gitlab-foss/blob/master/Gemfile.lock). Some of these dependencies also +have their own external dependencies which need to be present on the Operating +System in order for them to function correctly. + +Furthermore, GitLab has a monthly release cycle requiring frequent maintenance +to stay up to date. + +All the things listed above present a challenge for the user maintaining the GitLab +installation. + +## External Software Dependencies + +For applications such as GitLab, external dependencies usually bring the following +challenges: + +- Keeping versions in sync between direct and indirect dependencies +- Availability of a version on a specific Operating System +- Version changes can introduce or remove previously used configuration +- Security implications when library is marked as vulnerable but does not have + a new version released yet + +Keep in mind that if a dependency exists on your Operating System, it does not +necessarily exist on other supported OSs. + +## Benefits + +A few benefits of a package with bundled dependencies: + +1. Minimal effort required to install GitLab. +1. Minimum configuration required to get GitLab up and running. +1. Minimum effort required to upgrade between GitLab versions. +1. Multiple platforms supported. +1. Maintenance on older platforms is greatly simplified. +1. Less effort to support potential issues. + +## Drawbacks + +Some drawbacks of a package with bundled dependencies: + +1. Duplication with possibly existing software. +1. Less flexibility in configuration. + +## Why would I install an omnibus package when I can use a system package? + +The answer can be simplified to: less maintenance required. Instead of handling +multiple packages that *can* break existing functionality if the versions are +not compatible, only handle one. + +Multiple packages require correct configuration in multiple locations. +Keeping configuration in sync can be error prone. + +If you have the skill set to maintain all current dependencies and enough time +to handle any future dependencies that might get introduced, the above listed +reasons might not be good enough for you to not use the omnibus package. + +There are two things to keep in mind before going down this route: + +1. Getting support for any problems + you encounter might be more difficult due to the number of possibilities that exist + when using a library version that is not tested by majority of users. +1. Omnibus package also allows shutting off of any services that you do not need, + if you need to run a component independently. For example, you can use a + [non-bundled PostgreSQL database](https://docs.gitlab.com/omnibus/settings/database.html#using-a-non-packaged-postgresql-database-management-server) with the omnibus package. + +Keep in mind that a non-standard solution like the omnibus package +might be a better fit when the application has a number of moving parts. + +## Docker image with multiple services + +[GitLab Docker image](../../install/docker.md#gitlab-docker-images) is based on the omnibus package. + +Considering that container spawned from this image contains multiple processes, +these types of containers are also referred to as 'fat containers'. + +There are reasons for and against an image like this, but they are similar to +what was noted above: + +1. Very simple to get started. +1. Upgrading to the latest version is extremely simple. +1. Running separate services in multiple containers and keeping them running + can be more complex and might not be required for a given install. + +This method is useful for organizations just getting started with containers and schedulers, and may not be ready for a more complex installation. This method is a great introduction, and will work well for smaller organizations. diff --git a/doc/administration/package-information/postgresql_versions.md b/doc/administration/package-information/postgresql_versions.md new file mode 100644 index 00000000000..89da4864872 --- /dev/null +++ b/doc/administration/package-information/postgresql_versions.md @@ -0,0 +1,42 @@ +--- +stage: Enablement +group: Distribution +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +--- + +# PostgreSQL versions shipped with Omnibus GitLab + +NOTE: +This table lists only GitLab versions where a significant change happened in the +package regarding PostgreSQL versions, not all. + +Usually, PostgreSQL versions change with major or minor GitLab releases. However, patch versions +of Omnibus GitLab sometimes update the patch level of PostgreSQL. + +For example: + +- Omnibus 12.7.6 shipped with PostgreSQL 9.6.14 and 10.9. +- Omnibus 12.7.7 shipped with PostgreSQL 9.6.17 and 10.12. + +[Find out which versions of PostgreSQL (and other components) ship with +each Omnibus GitLab release](https://gitlab-org.gitlab.io/omnibus-gitlab/licenses.html). + +Read more about update policies and warnings in the PostgreSQL +[upgrade docs](https://docs.gitlab.com/omnibus/settings/database.html#upgrade-packaged-postgresql-server). + +| GitLab version | PostgreSQL versions | Default version for fresh installs | Default version for upgrades | Notes | +| -------------- | --------------------- | ---------------------------------- | ---------------------------- | ----- | +| 14.1 | 12.6, 13.3 | 12.6 | 12.6 | PostgreSQL 13 available for fresh installations if not using Geo or High Availability. | +| 14.0 | 12.6 | 12.6 | 12.6 | HA installations with repmgr are no longer supported and will be prevented from upgrading to Omnibus GitLab 14.0 | +| 13.8 | 11.9, 12.4 | 12.4 | 12.4 | Package upgrades automatically performed PostgreSQL upgrade for nodes that are not part of a Geo or HA cluster.). | +| 13.7 | 11.9, 12.4 | 12.4 | 11.9 | For upgrades users can manually upgrade to 12.4 following the [upgrade docs](https://docs.gitlab.com/omnibus/settings/database.html#gitlab-133-and-later). | +| 13.4 | 11.9, 12.4 | 11.9 | 11.9 | Package upgrades aborted if users not running PostgreSQL 11 already | +| 13.3 | 11.7, 12.3 | 11.7 | 11.7 | Package upgrades aborted if users not running PostgreSQL 11 already | +| 13.0 | 11.7 | 11.7 | 11.7 | Package upgrades aborted if users not running PostgreSQL 11 already | +| 12.10 | 9.6.17, 10.12, and 11.7 | 11.7 | 11.7 | Package upgrades automatically performed PostgreSQL upgrade for nodes that are not part of a Geo or repmgr cluster. | +| 12.8 | 9.6.17, 10.12, and 11.7 | 10.12 | 10.12 | Users can manually upgrade to 11.7 following the upgrade docs. | +| 12.0 | 9.6.11 and 10.7 | 10.7 | 10.7 | Package upgrades automatically performed PostgreSQL upgrade. | +| 11.11 | 9.6.11 and 10.7 | 9.6.11 | 9.6.11 | Users can manually upgrade to 10.7 following the upgrade docs. | +| 10.0 | 9.6.3 | 9.6.3 | 9.6.3 | Package upgrades aborted if users still on 9.2. | +| 9.0 | 9.2.18 and 9.6.1 | 9.6.1 | 9.6.1 | Package upgrades automatically performed PostgreSQL upgrade. | +| 8.14 | 9.2.18 and 9.6.1 | 9.2.18 | 9.2.18 | Users can manually upgrade to 9.6 following the upgrade docs. | diff --git a/doc/administration/package-information/signed_packages.md b/doc/administration/package-information/signed_packages.md new file mode 100644 index 00000000000..fb994809460 --- /dev/null +++ b/doc/administration/package-information/signed_packages.md @@ -0,0 +1,25 @@ +--- +stage: Enablement +group: Distribution +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers +--- + +# Package Signatures + +As of the release of GitLab 9.5 on August 22, 2017, GitLab provides signed Omnibus GitLab packages for RPM and DEB based distributions. This means that all packages provided on <https://packages.gitlab.com> are signed, starting with `9.5.0`, and all future versions of supported branches (e.g. `9.3.x` and `9.4.x` after August 22, 2017). Any package version prior to August 22, 2017, will not be signed. Please pass the appropriate argument to your package manager. (Example: `yum --nogpgcheck`) + +Omnibus GitLab packages produced by GitLab are created via the [Omnibus](https://github.com/chef/omnibus) tool, for which GitLab has added DEB signing via `debsigs` in [our own fork](https://gitlab.com/gitlab-org/omnibus). This addition, combined with the existing functionality of RPM signing, allows GitLab to provide signed packages for all supported distributions using DEB or RPM. + +These packages are produced by the GitLab CI process, as found in the [Omnibus GitLab project](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/.gitlab-ci.yml), prior to their delivery to <https://packages.gitlab.com> to ensure provide assurance that the packages are not altered prior to delivery to our community. + +## GnuPG Public Keys + +All packages are signed with [GnuPG](https://www.gnupg.org/), in a method appropriate for their format. The key used to sign these packages can be found on [pgp.mit.edu](https://pgp.mit.edu) at [0x3cfcf9baf27eab47](https://pgp.mit.edu/pks/lookup?op=vindex&search=0x3CFCF9BAF27EAB47) + +## Verifying Signatures + +Information on how to verify GitLab package signatures can be found in [Package Signatures](https://docs.gitlab.com/omnibus/update/package_signatures.html). + +## GPG Signature Management + +Information on how GitLab manages GPG keys for package signing can be found in [the runbooks](https://gitlab.com/gitlab-com/runbooks/-/blob/master/docs/packaging/manage-package-signing-keys.md). diff --git a/doc/administration/packages/dependency_proxy.md b/doc/administration/packages/dependency_proxy.md index c4906ef6d8e..32e7e191011 100644 --- a/doc/administration/packages/dependency_proxy.md +++ b/doc/administration/packages/dependency_proxy.md @@ -7,7 +7,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w # GitLab Dependency Proxy administration **(FREE SELF)** > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7934) in [GitLab Premium](https://about.gitlab.com/pricing/) 11.11. -> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/273655) to [GitLab Free](https://about.gitlab.com/pricing/) in GitLab 13.6. +> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/273655) from GitLab Premium to GitLab Free in 13.6. GitLab can be used as a dependency proxy for a variety of common package managers. diff --git a/doc/administration/packages/index.md b/doc/administration/packages/index.md index 2c2e3fc0442..37473d35573 100644 --- a/doc/administration/packages/index.md +++ b/doc/administration/packages/index.md @@ -14,22 +14,17 @@ The Packages feature allows GitLab to act as a repository for the following: The Package Registry supports the following formats: -<div class="row"> -<div class="col-md-9"> -<table align="left" style="width:50%"> -<tr style="background:#dfdfdf"><th>Package type</th><th>GitLab version</th></tr> -<tr><td><a href="https://docs.gitlab.com/ee/user/packages/composer_repository/index.html">Composer</a></td><td>13.2+</td></tr> -<tr><td><a href="https://docs.gitlab.com/ee/user/packages/conan_repository/index.html">Conan</a></td><td>12.6+</td></tr> -<tr><td><a href="https://docs.gitlab.com/ee/user/packages/go_proxy/index.html">Go</a></td><td>13.1+</td></tr> -<tr><td><a href="https://docs.gitlab.com/ee/user/packages/maven_repository/index.html">Maven</a></td><td>11.3+</td></tr> -<tr><td><a href="https://docs.gitlab.com/ee/user/packages/npm_registry/index.html">npm</a></td><td>11.7+</td></tr> -<tr><td><a href="https://docs.gitlab.com/ee/user/packages/nuget_repository/index.html">NuGet</a></td><td>12.8+</td></tr> -<tr><td><a href="https://docs.gitlab.com/ee/user/packages/pypi_repository/index.html">PyPI</a></td><td>12.10+</td></tr> -<tr><td><a href="https://docs.gitlab.com/ee/user/packages/generic_packages/index.html">Generic packages</a></td><td>13.5+</td></tr> -<tr><td><a href="https://docs.gitlab.com/ee/user/packages/helm_repository/index.html">Helm Charts</a></td><td>14.1+</td></tr> -</table> -</div> -</div> +| Package type | GitLab version | +|-------------------------------------------------------------------|----------------| +| [Composer](../../user/packages/composer_repository/index.md) | 13.2+ | +| [Conan](../../user/packages/conan_repository/index.md) | 12.6+ | +| [Go](../../user/packages/go_proxy/index.md) | 13.1+ | +| [Maven](../../user/packages/maven_repository/index.md) | 11.3+ | +| [npm](../../user/packages/npm_registry/index.md) | 11.7+ | +| [NuGet](../../user/packages/nuget_repository/index.md) | 12.8+ | +| [PyPI](../../user/packages/pypi_repository/index.md) | 12.10+ | +| [Generic packages](../../user/packages/generic_packages/index.md) | 13.5+ | +| [Helm Charts](../../user/packages/helm_repository/index.md) | 14.1+ | ## Accepting contributions diff --git a/doc/administration/pages/index.md b/doc/administration/pages/index.md index cb8d5c80d76..d516bde9a5d 100644 --- a/doc/administration/pages/index.md +++ b/doc/administration/pages/index.md @@ -1278,7 +1278,7 @@ in all of your GitLab Pages instances. ### 500 error with `securecookie: failed to generate random iv` and `Failed to save the session` -This problem most likely results from an [out-dated operating system](https://docs.gitlab.com/omnibus/package-information/deprecated_os.html). +This problem most likely results from an [out-dated operating system](../package-information/deprecated_os.md). The [Pages daemon uses the `securecookie` library](https://gitlab.com/search?group_id=9970&project_id=734943&repository_ref=master&scope=blobs&search=securecookie&snippets=false) to get random strings via [`crypto/rand` in Go](https://golang.org/pkg/crypto/rand/#pkg-variables). This requires the `getrandom` system call or `/dev/urandom` to be available on the host OS. Upgrading to an [officially supported operating system](https://about.gitlab.com/install/) is recommended. diff --git a/doc/administration/postgresql/replication_and_failover.md b/doc/administration/postgresql/replication_and_failover.md index 77e66bcb77b..747833798bc 100644 --- a/doc/administration/postgresql/replication_and_failover.md +++ b/doc/administration/postgresql/replication_and_failover.md @@ -72,13 +72,13 @@ the PgBouncer service. ### Connection flow -Each service in the package comes with a set of [default ports](https://docs.gitlab.com/omnibus/package-information/defaults.html#ports). You may need to make specific firewall rules for the connections listed below: +Each service in the package comes with a set of [default ports](../package-information/defaults.md#ports). You may need to make specific firewall rules for the connections listed below: -- Application servers connect to either PgBouncer directly via its [default port](https://docs.gitlab.com/omnibus/package-information/defaults.html#pgbouncer) or via a configured Internal Load Balancer (TCP) that serves multiple PgBouncers. -- PgBouncer connects to the primary database servers [PostgreSQL default port](https://docs.gitlab.com/omnibus/package-information/defaults.html#postgresql) +- Application servers connect to either PgBouncer directly via its [default port](../package-information/defaults.md) or via a configured Internal Load Balancer (TCP) that serves multiple PgBouncers. +- PgBouncer connects to the primary database servers [PostgreSQL default port](../package-information/defaults.md) - Patroni actively manages the running PostgreSQL processes and configuration. -- PostgreSQL secondaries connect to the primary database servers [PostgreSQL default port](https://docs.gitlab.com/omnibus/package-information/defaults.html#postgresql) -- Consul servers and agents connect to each others [Consul default ports](https://docs.gitlab.com/omnibus/package-information/defaults.html#consul) +- PostgreSQL secondaries connect to the primary database servers [PostgreSQL default port](../package-information/defaults.md) +- Consul servers and agents connect to each others [Consul default ports](../package-information/defaults.md) ## Setting it up @@ -306,7 +306,7 @@ If you enable Monitoring, it must be enabled on **all** database servers. #### Enable TLS support for the Patroni API By default, Patroni's [REST API](https://patroni.readthedocs.io/en/latest/rest_api.html#rest-api) is served over HTTP. -You have the option to enable TLS and use HTTPS over the same [port](https://docs.gitlab.com/omnibus/package-information/defaults.html#patroni). +You have the option to enable TLS and use HTTPS over the same [port](../package-information/defaults.md). To enable TLS, you need PEM-formatted certificate and private key files. Both files must be readable by the PostgreSQL user (`gitlab-psql` by default, or the one set by `postgresql['username']`): @@ -789,7 +789,7 @@ You do not need any special consideration for Patroni while provisioning your da Patroni monitors the cluster and handles any failover. When the primary node fails it works with Consul to notify PgBouncer. On failure, Patroni handles the transitioning of the old primary to a replica and rejoins it to the cluster automatically. -With Patroni, the connection flow is slightly different. Patroni on each node connects to Consul agent to join the cluster. Only after this point it decides if the node is the primary or a replica. Based on this decision, it configures and starts PostgreSQL which it communicates with directly over a Unix socket. This means that if the Consul cluster is not functional or does not have a leader, Patroni and by extension PostgreSQL does not start. Patroni also exposes a REST API which can be accessed via its [default port](https://docs.gitlab.com/omnibus/package-information/defaults.html#patroni) +With Patroni, the connection flow is slightly different. Patroni on each node connects to Consul agent to join the cluster. Only after this point it decides if the node is the primary or a replica. Based on this decision, it configures and starts PostgreSQL which it communicates with directly over a Unix socket. This means that if the Consul cluster is not functional or does not have a leader, Patroni and by extension PostgreSQL does not start. Patroni also exposes a REST API which can be accessed via its [default port](../package-information/defaults.md) on each node. ### Check replication status diff --git a/doc/ci/docker/using_docker_build.md b/doc/ci/docker/using_docker_build.md index c56bc9a4dc8..d5adedc611c 100644 --- a/doc/ci/docker/using_docker_build.md +++ b/doc/ci/docker/using_docker_build.md @@ -23,7 +23,7 @@ To enable Docker commands for your CI/CD jobs, you can use: - [Docker socket binding](#use-docker-socket-binding) If you don't want to execute a runner in privileged mode, -but want to use `docker build`, you can also [use kaniko](using_kaniko.md). +but want to use `docker build`, you can also use [`kaniko`](using_kaniko.md) or [`buildah`](https://github.com/containers/buildah). If you are using shared runners on GitLab.com, [learn more about how these runners are configured](../runners/index.md). diff --git a/doc/ci/variables/where_variables_can_be_used.md b/doc/ci/variables/where_variables_can_be_used.md index 551033654f2..0f9339657fe 100644 --- a/doc/ci/variables/where_variables_can_be_used.md +++ b/doc/ci/variables/where_variables_can_be_used.md @@ -65,10 +65,9 @@ because the expansion is done in GitLab before any runner gets the job. > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/48627) in GitLab 13.10. [Deployed behind the `variable_inside_variable` feature flag](../../user/feature_flags.md), disabled by default. > - [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/297382) in GitLab 14.3. -> - [Enabled on self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/297382) in GitLab 14.3. FLAG: -On self-managed GitLab, by default this feature is available. To hide the feature per project or for your entire instance, ask an administrator to [disable the `variable_inside_variable` flag](../../administration/feature_flags.md). +On self-managed GitLab, by default this feature is disabled. To enable the feature per project or for your entire instance, ask an administrator to [enable the `variable_inside_variable` flag](../../administration/feature_flags.md). GitLab expands job variable values recursively before sending them to the runner. For example: diff --git a/doc/development/deprecation_guidelines/index.md b/doc/development/deprecation_guidelines/index.md index 3543345aa34..4ffb993d0ae 100644 --- a/doc/development/deprecation_guidelines/index.md +++ b/doc/development/deprecation_guidelines/index.md @@ -32,6 +32,6 @@ It also should be [deprecated in advance](https://about.gitlab.com/handbook/mark For API removals, see the [GraphQL](../../api/graphql/index.md#deprecation-and-removal-process) and [GitLab API](../../api/index.md#compatibility-guidelines) guidelines. -For configuration removals, see the [Omnibus deprecation policy](https://docs.gitlab.com/omnibus/package-information/deprecation_policy.html). +For configuration removals, see the [Omnibus deprecation policy](../../administration/package-information/deprecation_policy.md). For versioning and upgrade details, see our [Release and Maintenance policy](../../policy/maintenance.md). diff --git a/doc/development/documentation/styleguide/index.md b/doc/development/documentation/styleguide/index.md index ea1cf0ebf0c..56453560394 100644 --- a/doc/development/documentation/styleguide/index.md +++ b/doc/development/documentation/styleguide/index.md @@ -1508,7 +1508,9 @@ the section. The version information must: - Whenever possible, include a link to the completed issue, merge request, or epic that introduced the feature. An issue is preferred over a merge request, and a merge request is preferred over an epic. -- Do not include information about the tier, or a link to the pricing page. +- Do not include information about the tier, unless documenting a tier change + (for example, `Feature X [moved](issue-link) to Premium in GitLab 19.2`). +- Do not link to the pricing page. The tier is provided by the [product badge](#product-tier-badges) on the heading. ```markdown diff --git a/doc/development/pipelines.md b/doc/development/pipelines.md index 226c8fe9fda..2dc7be0356d 100644 --- a/doc/development/pipelines.md +++ b/doc/development/pipelines.md @@ -450,7 +450,7 @@ In addition, there are a few circumstances where we would always run the full Je ### PostgreSQL versions testing Our test suite runs against PG12 as GitLab.com runs on PG12 and -[Omnibus defaults to PG12 for new installs and upgrades](https://docs.gitlab.com/omnibus/package-information/postgresql_versions.html), +[Omnibus defaults to PG12 for new installs and upgrades](../administration/package-information/postgresql_versions.md), Our test suite is currently running against PG11, since GitLab.com still runs on PG11. We do run our test suite against PG11 on nightly scheduled pipelines as well as upon specific @@ -467,7 +467,7 @@ database library changes in MRs and `main` pipelines (with the `rspec db-library #### Long-term plan -We follow the [PostgreSQL versions shipped with Omnibus GitLab](https://docs.gitlab.com/omnibus/package-information/postgresql_versions.html): +We follow the [PostgreSQL versions shipped with Omnibus GitLab](../administration/package-information/postgresql_versions.md): | PostgreSQL version | 13.11 (April 2021) | 13.12 (May 2021) | 14.0 (June 2021?) | | -------------------| ---------------------- | ---------------------- | ---------------------- | diff --git a/doc/install/docker.md b/doc/install/docker.md index 9ccdc976488..c182682fe0f 100644 --- a/doc/install/docker.md +++ b/doc/install/docker.md @@ -368,7 +368,7 @@ You can then access your GitLab instance at `http://198.51.100.1/` and `https:// ### Expose GitLab on different ports -GitLab will occupy [some ports](https://docs.gitlab.com/omnibus/package-information/defaults.html) +GitLab will occupy [some ports](../administration/package-information/defaults.md) inside the container. If you want to use a different host port than `80` (HTTP) or `443` (HTTPS), diff --git a/doc/install/requirements.md b/doc/install/requirements.md index 339d3782708..212bd40dfac 100644 --- a/doc/install/requirements.md +++ b/doc/install/requirements.md @@ -36,7 +36,7 @@ For the installation options, see [the main installation page](index.md). Installation of GitLab on these operating systems is possible, but not supported. Please see the [installation from source guide](installation.md) and the [installation guides](https://about.gitlab.com/install/) for more information. -Please see [OS versions that are no longer supported](https://docs.gitlab.com/omnibus/package-information/deprecated_os.html) for Omnibus installs page +Please see [OS versions that are no longer supported](../administration/package-information/deprecated_os.md) for Omnibus installs page for a list of supported and unsupported OS versions as well as the last support GitLab version for that OS. ### Microsoft Windows diff --git a/doc/update/package/index.md b/doc/update/package/index.md index d0b1e46597c..d34396d7b84 100644 --- a/doc/update/package/index.md +++ b/doc/update/package/index.md @@ -183,7 +183,7 @@ To download and install GitLab: ### GitLab 13.7 and later unavailable on Amazon Linux 2 -Amazon Linux 2 is not an [officially supported operating system](https://docs.gitlab.com/omnibus/package-information/deprecated_os.html#supported-operating-systems). +Amazon Linux 2 is not an [officially supported operating system](../../administration/package-information/deprecated_os.md#supported-operating-systems). However, in past the [official package installation script](https://packages.gitlab.com/gitlab/gitlab-ee/install) installed the `el/6` package repository if run on Amazon Linux. From GitLab 13.7, we no longer provide `el/6` packages so administrators must run the [installation script](https://packages.gitlab.com/gitlab/gitlab-ee/install) diff --git a/doc/update/plan_your_upgrade.md b/doc/update/plan_your_upgrade.md index 7aca83071fc..63ce9e00d97 100644 --- a/doc/update/plan_your_upgrade.md +++ b/doc/update/plan_your_upgrade.md @@ -18,7 +18,7 @@ General notes: to create your plan, share details of your architecture, including: - How is GitLab installed? - What is the operating system of the node? - (check [OS versions that are no longer supported](https://docs.gitlab.com/omnibus/package-information/deprecated_os.html) to confirm that later updates are available). + (check [OS versions that are no longer supported](../administration/package-information/deprecated_os.md) to confirm that later updates are available). - Is it a single-node or a multi-node setup? If multi-node, share any architectural details about each node with us. - Are you using [GitLab Geo](../administration/geo/index.md)? If so, share any architectural details about each secondary node. - What else might be unique or interesting in your setup that might be important for us to understand? @@ -112,7 +112,7 @@ to your instance and then upgrade it for any relevant features you're using. - [Determine what upgrade path](index.md#upgrade-paths) to follow. - Account for any [version-specific update instructions](index.md#version-specific-upgrading-instructions). - Account for any [version-specific changes](package/index.md#version-specific-changes). - - Check the [OS compatibility with the target GitLab version](https://docs.gitlab.com/omnibus/package-information/deprecated_os.html). + - Check the [OS compatibility with the target GitLab version](../administration/package-information/deprecated_os.md). - Due to background migrations, plan to pause any further upgrades after upgrading to a new major version. [All migrations must finish running](index.md#checking-for-background-migrations-before-upgrading) @@ -123,7 +123,7 @@ to your instance and then upgrade it for any relevant features you're using. - About PostgreSQL: - On the top bar, select **Menu > Admin**, and look for the version of PostgreSQL you are using. - If [a PostgreSQL upgrade is needed](https://docs.gitlab.com/omnibus/package-information/postgresql_versions.html), + If [a PostgreSQL upgrade is needed](../administration/package-information/postgresql_versions.md), account for the relevant [packaged](https://docs.gitlab.com/omnibus/settings/database.html#upgrade-packaged-postgresql-server) or [non-packaged](https://docs.gitlab.com/omnibus/settings/database.html#upgrade-a-non-packaged-postgresql-database) steps. diff --git a/doc/user/discussions/img/btn_new_issue_for_all_threads.png b/doc/user/discussions/img/btn_new_issue_for_all_threads.png Binary files differdeleted file mode 100644 index b07267a011a..00000000000 --- a/doc/user/discussions/img/btn_new_issue_for_all_threads.png +++ /dev/null diff --git a/doc/user/discussions/img/create-new-issue_v14_3.png b/doc/user/discussions/img/create-new-issue_v14_3.png Binary files differnew file mode 100644 index 00000000000..d76fed6cb42 --- /dev/null +++ b/doc/user/discussions/img/create-new-issue_v14_3.png diff --git a/doc/user/discussions/img/new-issue-one-thread_v14_3.png b/doc/user/discussions/img/new-issue-one-thread_v14_3.png Binary files differnew file mode 100644 index 00000000000..34d3a3be0a7 --- /dev/null +++ b/doc/user/discussions/img/new-issue-one-thread_v14_3.png diff --git a/doc/user/discussions/img/new_issue_for_thread.png b/doc/user/discussions/img/new_issue_for_thread.png Binary files differdeleted file mode 100644 index c7f0fd76844..00000000000 --- a/doc/user/discussions/img/new_issue_for_thread.png +++ /dev/null diff --git a/doc/user/discussions/index.md b/doc/user/discussions/index.md index 7bff0a83532..aa4e3ce6f49 100644 --- a/doc/user/discussions/index.md +++ b/doc/user/discussions/index.md @@ -46,9 +46,9 @@ To add a commit diff comment: 1. To select a specific commit, on the merge request, select the **Commits** tab, select the commit message. To view the latest commit, select the **Changes** tab. -1. By the line you want to comment on, hover over the line number and select **{comment}**. - You can select multiple lines by dragging the **{comment}** icon. -1. Type your comment and select **Start a review** or **Add comment now**. +1. By the line you want to comment on, hover over the line number and select **Comment** (**{comment}**). + You can select multiple lines by dragging the **Comment** (**{comment}**) icon. +1. Enter your comment and select **Start a review** or **Add comment now**. The comment is displayed on the merge request's **Discussions** tab. @@ -164,12 +164,10 @@ from any device you're logged into. You can assign an issue to a user who made a comment. -1. In the comment, select the **More Actions** menu. -1. Select **Assign to commenting user**. - - - -Select the button again to unassign the commenter. +1. In the comment, select the **More Actions** (**{ellipsis_v}**) menu. +1. Select **Assign to commenting user**: +  +1. To unassign the commenter, select the button again. ## Create a thread by replying to a standard comment @@ -184,13 +182,13 @@ Prerequisites: To create a thread by replying to a comment: -1. On the top right of the comment, select **{comment}** (**Reply to comment**). +1. On the top right of the comment, select **Reply to comment** (**{comment}**).  The reply area is displayed. -1. Type your reply. +1. Enter your reply. 1. Select **Comment** or **Add comment now** (depending on where in the UI you are replying). The top comment is converted to a thread. @@ -206,7 +204,7 @@ Prerequisites: To create a thread: -1. Type a comment. +1. Enter a comment. 1. Below the comment, to the right of the **Comment** button, select the down arrow (**{chevron-down}**). 1. From the list, select **Start thread**. 1. Select **Start thread** again. @@ -237,33 +235,30 @@ To resolve a thread: - Below the last reply, in the **Reply** field, select **Resolve thread**. - Below the last reply, in the **Reply** field, enter text, select the **Resolve thread** checkbox, and select **Add comment now**. -At the top of the page, the number of unresolved threads is updated. +At the top of the page, the number of unresolved threads is updated:  ### Move all unresolved threads in a merge request to an issue If you have multiple unresolved threads in a merge request, you can -create an issue to resolve them separately. +create an issue to resolve them separately. In the merge request, at the top of the page, +select **Create issue to resolve all threads** (**{issue-new}**): -- In the merge request, at the top of the page, select **Resolve all threads in new issue**. + -  - -All threads are marked as resolved and a link is added from the merge request to +All threads are marked as resolved, and a link is added from the merge request to the newly created issue. ### Move one unresolved thread in a merge request to an issue If you have one specific unresolved thread in a merge request, you can -create an issue to resolve it separately. - -- In the merge request, under the last reply to the thread, next to the - **Resolve thread** button, select **Resolve this thread in a new issue**. +create an issue to resolve it separately. In the merge request, under the last reply +to the thread, next to **Resolve thread**, select **Create issue to resolve thread** (**{issue-new}**): -  + -The thread is marked as resolved and a link is added from the merge request to +The thread is marked as resolved, and a link is added from the merge request to the newly created issue. ### Prevent merge unless all threads are resolved diff --git a/doc/user/project/import/index.md b/doc/user/project/import/index.md index 549cea73f8e..467a81130ae 100644 --- a/doc/user/project/import/index.md +++ b/doc/user/project/import/index.md @@ -76,7 +76,7 @@ a self-managed instance from an old server to a new server. The backups produced don't depend on the operating system running GitLab. You can therefore use the restore method to switch between different operating system distributions or versions, as long -as the same GitLab version [is available for installation](https://docs.gitlab.com/omnibus/package-information/deprecated_os.html). +as the same GitLab version [is available for installation](../../../administration/package-information/deprecated_os.md). To instead merge two self-managed GitLab instances together, use the instructions in [Migrate from self-managed GitLab to GitLab.com](#migrate-from-self-managed-gitlab-to-gitlabcom). diff --git a/locale/gitlab.pot b/locale/gitlab.pot index c03801ed9e2..ae414a639a1 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -30085,6 +30085,9 @@ msgstr "" msgid "SecurityReports|Download results" msgstr "" +msgid "SecurityReports|Download scanned URLs" +msgstr "" + msgid "SecurityReports|Download scanned resources" msgstr "" diff --git a/spec/finders/issues_finder/params_spec.rb b/spec/finders/issues_finder/params_spec.rb new file mode 100644 index 00000000000..879ecc364a2 --- /dev/null +++ b/spec/finders/issues_finder/params_spec.rb @@ -0,0 +1,49 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe IssuesFinder::Params do + describe '#include_hidden' do + subject { described_class.new(params, user, IssuesFinder) } + + context 'when param is not set' do + let(:params) { {} } + + context 'with an admin', :enable_admin_mode do + let(:user) { create(:user, :admin) } + + it 'returns true' do + expect(subject.include_hidden?).to be_truthy + end + end + + context 'with a regular user' do + let(:user) { create(:user) } + + it 'returns false' do + expect(subject.include_hidden?).to be_falsey + end + end + end + + context 'when param is set' do + let(:params) { { include_hidden: true } } + + context 'with an admin', :enable_admin_mode do + let(:user) { create(:user, :admin) } + + it 'returns true' do + expect(subject.include_hidden?).to be_truthy + end + end + + context 'with a regular user' do + let(:user) { create(:user) } + + it 'returns false' do + expect(subject.include_hidden?).to be_falsey + end + end + end + end +end diff --git a/spec/finders/issues_finder_spec.rb b/spec/finders/issues_finder_spec.rb index 72aeb54f7a7..ed35d75720c 100644 --- a/spec/finders/issues_finder_spec.rb +++ b/spec/finders/issues_finder_spec.rb @@ -12,8 +12,52 @@ RSpec.describe IssuesFinder do context 'scope: all' do let(:scope) { 'all' } - it 'returns all issues' do - expect(issues).to contain_exactly(issue1, issue2, issue3, issue4, issue5) + context 'include_hidden and public_only params' do + let_it_be(:banned_user) { create(:user, :banned) } + let_it_be(:hidden_issue) { create(:issue, project: project1, author: banned_user) } + let_it_be(:confidential_issue) { create(:issue, project: project1, confidential: true) } + + context 'when user is an admin', :enable_admin_mode do + let(:user) { create(:user, :admin) } + + it 'returns all issues' do + expect(issues).to contain_exactly(issue1, issue2, issue3, issue4, issue5, hidden_issue, confidential_issue) + end + end + + context 'when user is not an admin' do + context 'when public_only is true' do + let(:params) { { public_only: true } } + + it 'returns public issues' do + expect(issues).to contain_exactly(issue1, issue2, issue3, issue4, issue5) + end + end + + context 'when public_only is false' do + let(:params) { { public_only: false } } + + it 'returns public and confidential issues' do + expect(issues).to contain_exactly(issue1, issue2, issue3, issue4, issue5, confidential_issue) + end + end + + context 'when public_only is not set' do + it 'returns public and confidential issue' do + expect(issues).to contain_exactly(issue1, issue2, issue3, issue4, issue5, confidential_issue) + end + end + + context 'when ban_user_feature_flag is false' do + before do + stub_feature_flags(ban_user_feature_flag: false) + end + + it 'returns all issues' do + expect(issues).to contain_exactly(issue1, issue2, issue3, issue4, issue5, hidden_issue, confidential_issue) + end + end + end end context 'user does not have read permissions' do @@ -1012,132 +1056,64 @@ RSpec.describe IssuesFinder do end describe '#with_confidentiality_access_check' do - let(:guest) { create(:user) } + let(:user) { create(:user) } let_it_be(:authorized_user) { create(:user) } - let_it_be(:banned_user) { create(:user, :banned) } let_it_be(:project) { create(:project, namespace: authorized_user.namespace) } let_it_be(:public_issue) { create(:issue, project: project) } let_it_be(:confidential_issue) { create(:issue, project: project, confidential: true) } - let_it_be(:hidden_issue) { create(:issue, project: project, author: banned_user) } - shared_examples 'returns public, does not return hidden or confidential' do + shared_examples 'returns public, does not return confidential' do it 'returns only public issues' do expect(subject).to include(public_issue) - expect(subject).not_to include(confidential_issue, hidden_issue) + expect(subject).not_to include(confidential_issue) end end - shared_examples 'returns public and confidential, does not return hidden' do - it 'returns only public and confidential issues' do + shared_examples 'returns public and confidential' do + it 'returns public and confidential issues' do expect(subject).to include(public_issue, confidential_issue) - expect(subject).not_to include(hidden_issue) end end - shared_examples 'returns public and hidden, does not return confidential' do - it 'returns only public and hidden issues' do - expect(subject).to include(public_issue, hidden_issue) - expect(subject).not_to include(confidential_issue) - end - end - - shared_examples 'returns public, confidential, and hidden' do - it 'returns all issues' do - expect(subject).to include(public_issue, confidential_issue, hidden_issue) - end - end + subject { described_class.new(user, params).with_confidentiality_access_check } context 'when no project filter is given' do let(:params) { {} } context 'for an anonymous user' do - subject { described_class.new(nil, params).with_confidentiality_access_check } - - it_behaves_like 'returns public, does not return hidden or confidential' - - context 'when feature flag is disabled' do - before do - stub_feature_flags(ban_user_feature_flag: false) - end - - it_behaves_like 'returns public and hidden, does not return confidential' - end + it_behaves_like 'returns public, does not return confidential' end context 'for a user without project membership' do - subject { described_class.new(user, params).with_confidentiality_access_check } - - it_behaves_like 'returns public, does not return hidden or confidential' - - context 'when feature flag is disabled' do - before do - stub_feature_flags(ban_user_feature_flag: false) - end - - it_behaves_like 'returns public and hidden, does not return confidential' - end + it_behaves_like 'returns public, does not return confidential' end context 'for a guest user' do - subject { described_class.new(guest, params).with_confidentiality_access_check } - before do - project.add_guest(guest) + project.add_guest(user) end - it_behaves_like 'returns public, does not return hidden or confidential' - - context 'when feature flag is disabled' do - before do - stub_feature_flags(ban_user_feature_flag: false) - end - - it_behaves_like 'returns public and hidden, does not return confidential' - end + it_behaves_like 'returns public, does not return confidential' end context 'for a project member with access to view confidential issues' do - subject { described_class.new(authorized_user, params).with_confidentiality_access_check } - - it_behaves_like 'returns public and confidential, does not return hidden' - - context 'when feature flag is disabled' do - before do - stub_feature_flags(ban_user_feature_flag: false) - end - - it_behaves_like 'returns public, confidential, and hidden' + before do + project.add_reporter(user) end + + it_behaves_like 'returns public and confidential' end context 'for an admin' do - let(:admin_user) { create(:user, :admin) } - - subject { described_class.new(admin_user, params).with_confidentiality_access_check } + let(:user) { create(:user, :admin) } context 'when admin mode is enabled', :enable_admin_mode do - it_behaves_like 'returns public, confidential, and hidden' - - context 'when feature flag is disabled' do - before do - stub_feature_flags(ban_user_feature_flag: false) - end - - it_behaves_like 'returns public, confidential, and hidden' - end + it_behaves_like 'returns public and confidential' end context 'when admin mode is disabled' do - it_behaves_like 'returns public, does not return hidden or confidential' - - context 'when feature flag is disabled' do - before do - stub_feature_flags(ban_user_feature_flag: false) - end - - it_behaves_like 'returns public and hidden, does not return confidential' - end + it_behaves_like 'returns public, does not return confidential' end end end @@ -1146,17 +1122,9 @@ RSpec.describe IssuesFinder do let(:params) { { project_id: project.id } } context 'for an anonymous user' do - subject { described_class.new(nil, params).with_confidentiality_access_check } + let(:user) { nil } - it_behaves_like 'returns public, does not return hidden or confidential' - - context 'when feature flag is disabled' do - before do - stub_feature_flags(ban_user_feature_flag: false) - end - - it_behaves_like 'returns public and hidden, does not return confidential' - end + it_behaves_like 'returns public, does not return confidential' it 'does not filter by confidentiality' do expect(Issue).not_to receive(:where).with(a_string_matching('confidential'), anything) @@ -1165,17 +1133,7 @@ RSpec.describe IssuesFinder do end context 'for a user without project membership' do - subject { described_class.new(user, params).with_confidentiality_access_check } - - it_behaves_like 'returns public, does not return hidden or confidential' - - context 'when feature flag is disabled' do - before do - stub_feature_flags(ban_user_feature_flag: false) - end - - it_behaves_like 'returns public and hidden, does not return confidential' - end + it_behaves_like 'returns public, does not return confidential' it 'filters by confidentiality' do expect(subject.to_sql).to match("issues.confidential") @@ -1183,21 +1141,11 @@ RSpec.describe IssuesFinder do end context 'for a guest user' do - subject { described_class.new(guest, params).with_confidentiality_access_check } - before do - project.add_guest(guest) + project.add_guest(user) end - it_behaves_like 'returns public, does not return hidden or confidential' - - context 'when feature flag is disabled' do - before do - stub_feature_flags(ban_user_feature_flag: false) - end - - it_behaves_like 'returns public and hidden, does not return confidential' - end + it_behaves_like 'returns public, does not return confidential' it 'filters by confidentiality' do expect(subject.to_sql).to match("issues.confidential") @@ -1205,40 +1153,18 @@ RSpec.describe IssuesFinder do end context 'for a project member with access to view confidential issues' do - subject { described_class.new(authorized_user, params).with_confidentiality_access_check } - - it_behaves_like 'returns public and confidential, does not return hidden' - - context 'when feature flag is disabled' do - before do - stub_feature_flags(ban_user_feature_flag: false) - end - - it_behaves_like 'returns public, confidential, and hidden' + before do + project.add_reporter(user) end - it 'does not filter by confidentiality' do - expect(Issue).not_to receive(:where).with(a_string_matching('confidential'), anything) - - subject - end + it_behaves_like 'returns public and confidential' end context 'for an admin' do - let(:admin_user) { create(:user, :admin) } - - subject { described_class.new(admin_user, params).with_confidentiality_access_check } + let(:user) { create(:user, :admin) } context 'when admin mode is enabled', :enable_admin_mode do - it_behaves_like 'returns public, confidential, and hidden' - - context 'when feature flag is disabled' do - before do - stub_feature_flags(ban_user_feature_flag: false) - end - - it_behaves_like 'returns public, confidential, and hidden' - end + it_behaves_like 'returns public and confidential' it 'does not filter by confidentiality' do expect(Issue).not_to receive(:where).with(a_string_matching('confidential'), anything) @@ -1248,19 +1174,7 @@ RSpec.describe IssuesFinder do end context 'when admin mode is disabled' do - it_behaves_like 'returns public, does not return hidden or confidential' - - context 'when feature flag is disabled' do - before do - stub_feature_flags(ban_user_feature_flag: false) - end - - it_behaves_like 'returns public and hidden, does not return confidential' - end - - it 'filters by confidentiality' do - expect(subject.to_sql).to match("issues.confidential") - end + it_behaves_like 'returns public, does not return confidential' end end end diff --git a/spec/models/issue_spec.rb b/spec/models/issue_spec.rb index f1bec85e336..481e6504be9 100644 --- a/spec/models/issue_spec.rb +++ b/spec/models/issue_spec.rb @@ -1204,12 +1204,24 @@ RSpec.describe Issue do end describe '.public_only' do - it 'only returns public issues' do - public_issue = create(:issue, project: reusable_project) - create(:issue, project: reusable_project, confidential: true) + let_it_be(:banned_user) { create(:user, :banned) } + let_it_be(:public_issue) { create(:issue, project: reusable_project) } + let_it_be(:confidential_issue) { create(:issue, project: reusable_project, confidential: true) } + let_it_be(:hidden_issue) { create(:issue, project: reusable_project, author: banned_user) } + it 'only returns public issues' do expect(described_class.public_only).to eq([public_issue]) end + + context 'when feature flag is disabled' do + before do + stub_feature_flags(ban_user_feature_flag: false) + end + + it 'returns public and hidden issues' do + expect(described_class.public_only).to eq([public_issue, hidden_issue]) + end + end end describe '.confidential_only' do diff --git a/spec/services/groups/open_issues_count_service_spec.rb b/spec/services/groups/open_issues_count_service_spec.rb index fca09bfdebe..7dd8c2a59a0 100644 --- a/spec/services/groups/open_issues_count_service_spec.rb +++ b/spec/services/groups/open_issues_count_service_spec.rb @@ -3,12 +3,18 @@ require 'spec_helper' RSpec.describe Groups::OpenIssuesCountService, :use_clean_rails_memory_store_caching do - let_it_be(:group) { create(:group, :public)} + let_it_be(:group) { create(:group, :public) } let_it_be(:project) { create(:project, :public, namespace: group) } + let_it_be(:admin) { create(:user, :admin) } let_it_be(:user) { create(:user) } - let_it_be(:issue) { create(:issue, :opened, project: project) } - let_it_be(:confidential) { create(:issue, :opened, confidential: true, project: project) } - let_it_be(:closed) { create(:issue, :closed, project: project) } + let_it_be(:banned_user) { create(:user, :banned) } + + before do + create(:issue, :opened, project: project) + create(:issue, :opened, confidential: true, project: project) + create(:issue, :opened, author: banned_user, project: project) + create(:issue, :closed, project: project) + end subject { described_class.new(group, user) } @@ -20,28 +26,42 @@ RSpec.describe Groups::OpenIssuesCountService, :use_clean_rails_memory_store_cac it 'uses the IssuesFinder to scope issues' do expect(IssuesFinder) .to receive(:new) - .with(user, group_id: group.id, state: 'opened', non_archived: true, include_subgroups: true, public_only: true) + .with(user, group_id: group.id, state: 'opened', non_archived: true, include_subgroups: true, public_only: true, include_hidden: false) subject.count end end describe '#count' do - context 'when user is nil' do - it 'does not include confidential issues in the issue count' do - expect(described_class.new(group).count).to eq(1) + shared_examples 'counts public issues, does not count hidden or confidential' do + it 'counts only public issues' do + expect(subject.count).to eq(1) + end + + it 'uses PUBLIC_COUNT_WITHOUT_HIDDEN_KEY cache key' do + expect(subject.cache_key).to include('group_open_public_issues_without_hidden_count') end end + context 'when user is nil' do + let(:user) { nil } + + it_behaves_like 'counts public issues, does not count hidden or confidential' + end + context 'when user is provided' do context 'when user can read confidential issues' do before do group.add_reporter(user) end - it 'returns the right count with confidential issues' do + it 'includes confidential issues and does not include hidden issues in count' do expect(subject.count).to eq(2) end + + it 'uses TOTAL_COUNT_WITHOUT_HIDDEN_KEY cache key' do + expect(subject.cache_key).to include('group_open_issues_without_hidden_count') + end end context 'when user cannot read confidential issues' do @@ -49,8 +69,24 @@ RSpec.describe Groups::OpenIssuesCountService, :use_clean_rails_memory_store_cac group.add_guest(user) end - it 'does not include confidential issues' do - expect(subject.count).to eq(1) + it_behaves_like 'counts public issues, does not count hidden or confidential' + end + + context 'when user is an admin' do + let(:user) { admin } + + context 'when admin mode is enabled', :enable_admin_mode do + it 'includes confidential and hidden issues in count' do + expect(subject.count).to eq(3) + end + + it 'uses TOTAL_COUNT_KEY cache key' do + expect(subject.cache_key).to include('group_open_issues_including_hidden_count') + end + end + + context 'when admin mode is disabled' do + it_behaves_like 'counts public issues, does not count hidden or confidential' end end @@ -61,11 +97,13 @@ RSpec.describe Groups::OpenIssuesCountService, :use_clean_rails_memory_store_cac describe '#clear_all_cache_keys' do it 'calls `Rails.cache.delete` with the correct keys' do expect(Rails.cache).to receive(:delete) - .with(['groups', 'open_issues_count_service', 1, group.id, described_class::PUBLIC_COUNT_KEY]) + .with(['groups', 'open_issues_count_service', 1, group.id, described_class::PUBLIC_COUNT_WITHOUT_HIDDEN_KEY]) expect(Rails.cache).to receive(:delete) .with(['groups', 'open_issues_count_service', 1, group.id, described_class::TOTAL_COUNT_KEY]) + expect(Rails.cache).to receive(:delete) + .with(['groups', 'open_issues_count_service', 1, group.id, described_class::TOTAL_COUNT_WITHOUT_HIDDEN_KEY]) - subject.clear_all_cache_keys + described_class.new(group).clear_all_cache_keys end end end diff --git a/spec/services/issues/close_service_spec.rb b/spec/services/issues/close_service_spec.rb index 15a082ddf0d..14e6b44f7b0 100644 --- a/spec/services/issues/close_service_spec.rb +++ b/spec/services/issues/close_service_spec.rb @@ -225,7 +225,7 @@ RSpec.describe Issues::CloseService do it 'verifies the number of queries' do recorded = ActiveRecord::QueryRecorder.new { close_issue } - expected_queries = 25 + expected_queries = 27 expect(recorded.count).to be <= expected_queries expect(recorded.cached_count).to eq(0) diff --git a/spec/services/projects/batch_open_issues_count_service_spec.rb b/spec/services/projects/batch_open_issues_count_service_spec.rb index 89a4abbf9c9..17bd5f7a37b 100644 --- a/spec/services/projects/batch_open_issues_count_service_spec.rb +++ b/spec/services/projects/batch_open_issues_count_service_spec.rb @@ -5,6 +5,7 @@ require 'spec_helper' RSpec.describe Projects::BatchOpenIssuesCountService do let!(:project_1) { create(:project) } let!(:project_2) { create(:project) } + let!(:banned_user) { create(:user, :banned) } let(:subject) { described_class.new([project_1, project_2]) } @@ -12,32 +13,41 @@ RSpec.describe Projects::BatchOpenIssuesCountService do before do create(:issue, project: project_1) create(:issue, project: project_1, confidential: true) - + create(:issue, project: project_1, author: banned_user) create(:issue, project: project_2) create(:issue, project: project_2, confidential: true) + create(:issue, project: project_2, author: banned_user) end - context 'when cache is clean' do + context 'when cache is clean', :aggregate_failures do it 'refreshes cache keys correctly' do - subject.refresh_cache_and_retrieve_data + expect(get_cache_key(project_1)).to eq(nil) + expect(get_cache_key(project_2)).to eq(nil) + + subject.count_service.new(project_1).refresh_cache + subject.count_service.new(project_2).refresh_cache + + expect(get_cache_key(project_1)).to eq(1) + expect(get_cache_key(project_2)).to eq(1) - # It does not update total issues cache - expect(Rails.cache.read(get_cache_key(subject, project_1))).to eq(nil) - expect(Rails.cache.read(get_cache_key(subject, project_2))).to eq(nil) + expect(get_cache_key(project_1, true)).to eq(2) + expect(get_cache_key(project_2, true)).to eq(2) - expect(Rails.cache.read(get_cache_key(subject, project_1, true))).to eq(1) - expect(Rails.cache.read(get_cache_key(subject, project_1, true))).to eq(1) + expect(get_cache_key(project_1, true, true)).to eq(3) + expect(get_cache_key(project_2, true, true)).to eq(3) end end end - def get_cache_key(subject, project, public_key = false) + def get_cache_key(project, with_confidential = false, with_hidden = false) service = subject.count_service.new(project) - if public_key - service.cache_key(service.class::PUBLIC_COUNT_KEY) + if with_confidential && with_hidden + Rails.cache.read(service.cache_key(service.class::TOTAL_COUNT_KEY)) + elsif with_confidential + Rails.cache.read(service.cache_key(service.class::TOTAL_COUNT_WITHOUT_HIDDEN_KEY)) else - service.cache_key(service.class::TOTAL_COUNT_KEY) + Rails.cache.read(service.cache_key(service.class::PUBLIC_COUNT_WITHOUT_HIDDEN_KEY)) end end end diff --git a/spec/services/projects/open_issues_count_service_spec.rb b/spec/services/projects/open_issues_count_service_spec.rb index c739fea5ecf..8710d0c0267 100644 --- a/spec/services/projects/open_issues_count_service_spec.rb +++ b/spec/services/projects/open_issues_count_service_spec.rb @@ -4,89 +4,102 @@ require 'spec_helper' RSpec.describe Projects::OpenIssuesCountService, :use_clean_rails_memory_store_caching do let(:project) { create(:project) } + let(:user) { create(:user) } + let(:banned_user) { create(:user, :banned) } - subject { described_class.new(project) } + subject { described_class.new(project, user) } it_behaves_like 'a counter caching service' + before do + create(:issue, :opened, project: project) + create(:issue, :opened, confidential: true, project: project) + create(:issue, :opened, author: banned_user, project: project) + create(:issue, :closed, project: project) + + described_class.new(project).refresh_cache + end + describe '#count' do - context 'when user is nil' do - it 'does not include confidential issues in the issue count' do - create(:issue, :opened, project: project) - create(:issue, :opened, confidential: true, project: project) + shared_examples 'counts public issues, does not count hidden or confidential' do + it 'counts only public issues' do + expect(subject.count).to eq(1) + end - expect(described_class.new(project).count).to eq(1) + it 'uses PUBLIC_COUNT_WITHOUT_HIDDEN_KEY cache key' do + expect(subject.cache_key).to include('project_open_public_issues_without_hidden_count') end end - context 'when user is provided' do - let(:user) { create(:user) } + context 'when user is nil' do + let(:user) { nil } + + it_behaves_like 'counts public issues, does not count hidden or confidential' + end + context 'when user is provided' do context 'when user can read confidential issues' do before do project.add_reporter(user) end - it 'returns the right count with confidential issues' do - create(:issue, :opened, project: project) - create(:issue, :opened, confidential: true, project: project) - - expect(described_class.new(project, user).count).to eq(2) + it 'includes confidential issues and does not include hidden issues in count' do + expect(subject.count).to eq(2) end - it 'uses total_open_issues_count cache key' do - expect(described_class.new(project, user).cache_key_name).to eq('total_open_issues_count') + it 'uses TOTAL_COUNT_WITHOUT_HIDDEN_KEY cache key' do + expect(subject.cache_key).to include('project_open_issues_without_hidden_count') end end - context 'when user cannot read confidential issues' do + context 'when user cannot read confidential or hidden issues' do before do project.add_guest(user) end - it 'does not include confidential issues' do - create(:issue, :opened, project: project) - create(:issue, :opened, confidential: true, project: project) + it_behaves_like 'counts public issues, does not count hidden or confidential' + end + + context 'when user is an admin' do + let_it_be(:user) { create(:user, :admin) } + + context 'when admin mode is enabled', :enable_admin_mode do + it 'includes confidential and hidden issues in count' do + expect(subject.count).to eq(3) + end - expect(described_class.new(project, user).count).to eq(1) + it 'uses TOTAL_COUNT_KEY cache key' do + expect(subject.cache_key).to include('project_open_issues_including_hidden_count') + end end - it 'uses public_open_issues_count cache key' do - expect(described_class.new(project, user).cache_key_name).to eq('public_open_issues_count') + context 'when admin mode is disabled' do + it_behaves_like 'counts public issues, does not count hidden or confidential' end end end + end - describe '#refresh_cache' do - before do - create(:issue, :opened, project: project) - create(:issue, :opened, project: project) - create(:issue, :opened, confidential: true, project: project) - end - - context 'when cache is empty' do - it 'refreshes cache keys correctly' do - subject.refresh_cache - - expect(Rails.cache.read(subject.cache_key(described_class::PUBLIC_COUNT_KEY))).to eq(2) - expect(Rails.cache.read(subject.cache_key(described_class::TOTAL_COUNT_KEY))).to eq(3) - end + describe '#refresh_cache', :aggregate_failures do + context 'when cache is empty' do + it 'refreshes cache keys correctly' do + expect(Rails.cache.read(described_class.new(project).cache_key(described_class::PUBLIC_COUNT_WITHOUT_HIDDEN_KEY))).to eq(1) + expect(Rails.cache.read(described_class.new(project).cache_key(described_class::TOTAL_COUNT_WITHOUT_HIDDEN_KEY))).to eq(2) + expect(Rails.cache.read(described_class.new(project).cache_key(described_class::TOTAL_COUNT_KEY))).to eq(3) end + end - context 'when cache is outdated' do - before do - subject.refresh_cache - end - - it 'refreshes cache keys correctly' do - create(:issue, :opened, project: project) - create(:issue, :opened, confidential: true, project: project) + context 'when cache is outdated' do + it 'refreshes cache keys correctly' do + create(:issue, :opened, project: project) + create(:issue, :opened, confidential: true, project: project) + create(:issue, :opened, author: banned_user, project: project) - subject.refresh_cache + described_class.new(project).refresh_cache - expect(Rails.cache.read(subject.cache_key(described_class::PUBLIC_COUNT_KEY))).to eq(3) - expect(Rails.cache.read(subject.cache_key(described_class::TOTAL_COUNT_KEY))).to eq(5) - end + expect(Rails.cache.read(described_class.new(project).cache_key(described_class::PUBLIC_COUNT_WITHOUT_HIDDEN_KEY))).to eq(2) + expect(Rails.cache.read(described_class.new(project).cache_key(described_class::TOTAL_COUNT_WITHOUT_HIDDEN_KEY))).to eq(4) + expect(Rails.cache.read(described_class.new(project).cache_key(described_class::TOTAL_COUNT_KEY))).to eq(6) end end end |
