author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-20 09:07:06 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-20 09:07:06 +0300 |
commit | dd4c30182c16fe27efbbf4c19594bb292fb4ac48 (patch) | |
tree | 3d2e0235a0ab5333a6a2d4990da409640dd2d26f | |
parent | accf0d7db3d58a62212125703df39e341d327ec6 (diff) |
Add latest changes from gitlab-org/gitlab@master
19 files changed, 91 insertions, 46 deletions
diff --git a/.rubocop_todo/lint/empty_class.yml b/.rubocop_todo/lint/empty_class.yml deleted file mode 100644 index c8caff58c35..00000000000 --- a/.rubocop_todo/lint/empty_class.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -Lint/EmptyClass: - Exclude: - - 'spec/lib/gitlab/multi_destination_logger_spec.rb' diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 829f41679b2..6dd25430c9e 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -d687ebe4b114fce6d74deed3d7f45c0b58e3bbc4 +c8e24f24ed55dc90cd7f3ad4272421b4fce368f7 diff --git a/app/models/merge_request/diff_llm_summary.rb b/app/models/merge_request/diff_llm_summary.rb deleted file mode 100644 index e13fe5e1f50..00000000000 --- a/app/models/merge_request/diff_llm_summary.rb +++ /dev/null @@ -1,14 +0,0 @@ -# rubocop:disable Style/ClassAndModuleChildren -# frozen_string_literal: true - -class MergeRequest::DiffLlmSummary < ApplicationRecord - belongs_to :merge_request_diff - belongs_to :user, optional: true - - validates :merge_request_diff_id, uniqueness: true - validates :provider, presence: true - validates :content, presence: true, length: { maximum: 2056 } - - enum provider: { openai: 0 } -end -# rubocop:enable Style/ClassAndModuleChildren diff --git a/app/policies/merge_request_policy.rb b/app/policies/merge_request_policy.rb index 49f9225a1d3..090be645b21 100644 --- a/app/policies/merge_request_policy.rb +++ b/app/policies/merge_request_policy.rb @@ -16,6 +16,10 @@ class MergeRequestPolicy < IssuablePolicy prevent :accept_merge_request end + rule { can?(:read_merge_request) }.policy do + enable :generate_diff_summary + end + rule { can_approve }.policy do enable :approve_merge_request end @@ -43,6 +47,10 @@ class MergeRequestPolicy < IssuablePolicy enable :set_merge_request_metadata end + rule { llm_bot }.policy do + enable :generate_diff_summary + end + private def can_approve? 
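Review bot: The second rule added to app/policies/merge_request_policy.rb, `rule { llm_bot }.policy do enable :generate_diff_summary end`, grants the ability with no reference to `read_merge_request`, so the bot user passes a `:generate_diff_summary` check on every merge request, including those in projects it is not a member of (the spec added in spec/policies/merge_request_policy_spec.rb asserts exactly this). If that is intended because the bot only ever acts on behalf of a requesting user, the rule should say so, for example `# llm_bot has no project membership; callers must check read_merge_request for the requesting user before acting as the bot`. It is also worth confirming that nothing downstream authorizes on `:generate_diff_summary` alone with the bot as the current user, since the first added rule ties the ability to read access for everyone else. The class body continues outside both hunks.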
diff --git a/app/validators/json_schemas/scan_result_policy_vulnerability_attributes.json b/app/validators/json_schemas/scan_result_policy_vulnerability_attributes.json
new file mode 100644
index 00000000000..e0051179a1d
--- /dev/null
+++ b/app/validators/json_schemas/scan_result_policy_vulnerability_attributes.json
@@ -0,0 +1,14 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "description": "Scan result policy vulnerability_attributes",
+ "type": "object",
+ "properties": {
+ "false_positive": {
+ "type": "boolean"
+ },
+ "fix_available": {
+ "type": "boolean"
+ }
+ },
+ "additionalProperties": false
+}
diff --git a/db/migrate/20230613122211_add_vulnerability_attributes_to_scan_result_policies.rb b/db/migrate/20230613122211_add_vulnerability_attributes_to_scan_result_policies.rb
new file mode 100644
index 00000000000..c3467efe4af
--- /dev/null
+++ b/db/migrate/20230613122211_add_vulnerability_attributes_to_scan_result_policies.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class AddVulnerabilityAttributesToScanResultPolicies < Gitlab::Database::Migration[2.1]
+ def change
+ add_column :scan_result_policies, :vulnerability_attributes, :jsonb, default: {}
+ end
+end
diff --git a/db/schema_migrations/20230613122211 b/db/schema_migrations/20230613122211
new file mode 100644
index 00000000000..ccdecf69019
--- /dev/null
+++ b/db/schema_migrations/20230613122211
@@ -0,0 +1 @@
+da2cc429052e2db307e8eff2de61049ce93db4a7f6321a265889edeff1e7897d
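Review bot: `add_column :scan_result_policies, :vulnerability_attributes, :jsonb, default: {}` in the new migration leaves the column nullable, while the JSON schema added in the same commit declares `"type": "object"`. A row written with an explicit NULL would then presumably either fail schema validation or need nil handling wherever the attribute is read; the validating model is not visible in this diff. If NULL has no meaning for this column, I would declare it as `add_column :scan_result_policies, :vulnerability_attributes, :jsonb, default: {}, null: false`.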
\ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 073fd5e31fa..c579b085c82 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -22303,6 +22303,7 @@ CREATE TABLE scan_result_policies ( age_value integer, age_operator smallint, age_interval smallint, + vulnerability_attributes jsonb DEFAULT '{}'::jsonb, CONSTRAINT age_value_null_or_positive CHECK (((age_value IS NULL) OR (age_value >= 0))) ); diff --git a/doc/administration/audit_event_streaming/index.md b/doc/administration/audit_event_streaming/index.md index 44c6cff7455..22670e95d49 100644 --- a/doc/administration/audit_event_streaming/index.md +++ b/doc/administration/audit_event_streaming/index.md 
@@ -226,6 +226,25 @@ To list streaming destinations for an instance and see the verification tokens: 1. On the main area, select the **Streams**. 1. View the verification token on the right side of each item. +## Event type filters + +> Event type filtering in the UI with a defined list of audit event types [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/413581) in GitLab 16.1. + +When this feature is enabled for a group, you can permit users to filter streamed audit events per destination. +If the feature is enabled with no filters, the destination receives all audit events. + +A streaming destination that has an event type filter set has a **filtered** (**{filter}**) label. + +To update a streaming destination's event filters: + +1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your group. +1. Select **Secure > Audit events**. +1. On the main area, select the **Streams** tab. +1. To the right of the item, select **Edit** (**{pencil}**). +1. Select **Filter by stream event**. +1. Select the dropdown list and select or clear the required event types. +1. Select **Save** to update the event filters. + ## Override default content type header By default, streaming destinations use a `content-type` header of `application/x-www-form-urlencoded`. However, you diff --git a/doc/user/group/compliance_frameworks.md b/doc/user/group/compliance_frameworks.md index 0ba329a8963..55d096a654e 100644 --- a/doc/user/group/compliance_frameworks.md +++ b/doc/user/group/compliance_frameworks.md 
@@ -12,7 +12,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w You can create a compliance framework that is a label to identify that your project has certain compliance requirements or needs additional oversight. The label can optionally enforce [compliance pipeline configuration](#compliance-pipelines) to the projects on which it is -[applied](../project/settings/index.md#add-a-compliance-framework-to-a-project). +applied. Refer to our +applied. For more information, see [Add a compliance framework to a project](../project/settings/index.md#add-a-compliance-framework-to-a-project). Compliance frameworks are created on top-level groups. Group owners can create, edit, and delete compliance frameworks: diff --git a/doc/user/project/merge_requests/approvals/index.md b/doc/user/project/merge_requests/approvals/index.md index 2a574764954..ad4d32535bd 100644 --- a/doc/user/project/merge_requests/approvals/index.md +++ b/doc/user/project/merge_requests/approvals/index.md @@ -115,7 +115,7 @@ FLAG: On self-managed GitLab, by default this feature is available. To hide the feature, ask an administrator to [disable the feature flag](../../../../administration/feature_flags.md) named `invalid_scan_result_policy_prevents_merge`. -Whenever an approval rule cannot be satisfied, the rule is displayed as **(!) Auto approved**. This applies to the following conditions: +Whenever an approval rule cannot be satisfied, the rule is displayed as **Auto approved**. This applies to the following conditions: - The only eligible approver is the author of the merge request. - No eligible approvers (either groups or users) have been assigned to the approval rule. 
@@ -124,7 +124,7 @@ Whenever an approval rule cannot be satisfied, the rule is displayed as **(!) Au These rules are automatically approved to unblock their respective merge requests, unless they were created through a [scan result policy](../../../application_security/policies/scan-result-policies.md). Invalid approval rules created through a scan result policy are presented with -**(!) Action Required** and are not automatically approved, blocking their respective merge requests. +**Action required** and are not automatically approved, blocking their respective merge requests. ## Related topics diff --git a/qa/gdk/Dockerfile.gdk b/qa/gdk/Dockerfile.gdk index cf9cea69056..cdb693841cb 100644 --- a/qa/gdk/Dockerfile.gdk +++ b/qa/gdk/Dockerfile.gdk @@ -99,6 +99,7 @@ RUN set -eux; \ # COPY --chown=gdk:gdk Gemfile Gemfile.lock ./gitlab/ COPY --chown=gdk:gdk vendor/gems ./gitlab/vendor/gems +COPY --chown=gdk:gdk gems ./gitlab/gems RUN make .gitlab-bundle && rm -rf ${GEM_HOME}/cache # Install gitlab npm dependencies diff --git a/spec/lib/gitlab/background_migration/legacy_upload_mover_spec.rb b/spec/lib/gitlab/background_migration/legacy_upload_mover_spec.rb index c522c8b307f..71e9a568370 100644 --- a/spec/lib/gitlab/background_migration/legacy_upload_mover_spec.rb +++ b/spec/lib/gitlab/background_migration/legacy_upload_mover_spec.rb @@ -139,7 +139,7 @@ RSpec.describe Gitlab::BackgroundMigration::LegacyUploadMover, :aggregate_failur end context 'when an upload belongs to a legacy_diff_note' do - let!(:merge_request) { create(:merge_request, source_project: project) } + let!(:merge_request) { create(:merge_request, :skip_diff_creation, source_project: project) } let!(:note) do create(:legacy_diff_note_on_merge_request, diff --git a/spec/lib/gitlab/import_export/all_models.yml b/spec/lib/gitlab/import_export/all_models.yml index f6bdbc86cc5..0340c7db75d 100644 --- a/spec/lib/gitlab/import_export/all_models.yml +++ b/spec/lib/gitlab/import_export/all_models.yml 
@@ -249,6 +249,7 @@ merge_request_diff: - merge_request_diff_commits - merge_request_diff_detail - merge_request_diff_files +- merge_request_diff_llm_summary merge_request_diff_commits: - merge_request_diff - commit_author diff --git a/spec/lib/gitlab/multi_destination_logger_spec.rb b/spec/lib/gitlab/multi_destination_logger_spec.rb index e0d76afd9bf..53a8541bcb7 100644 --- a/spec/lib/gitlab/multi_destination_logger_spec.rb +++ b/spec/lib/gitlab/multi_destination_logger_spec.rb @@ -2,9 +2,6 @@ require 'spec_helper' -class FakeLogger -end - class LoggerA < Gitlab::Logger def self.file_name_noext 'loggerA' diff --git a/spec/models/concerns/batch_destroy_dependent_associations_spec.rb b/spec/models/concerns/batch_destroy_dependent_associations_spec.rb index e8d84fe9630..256cd386ce2 100644 --- a/spec/models/concerns/batch_destroy_dependent_associations_spec.rb +++ b/spec/models/concerns/batch_destroy_dependent_associations_spec.rb @@ -27,7 +27,7 @@ RSpec.describe BatchDestroyDependentAssociations do let_it_be(:build) { create(:ci_build, project: project) } let_it_be(:notification_setting) { create(:notification_setting, project: project) } let_it_be(:note) { create(:note, project: project) } - let_it_be(:merge_request) { create(:merge_request, source_project: project) } + let_it_be(:merge_request) { create(:merge_request, :skip_diff_creation, source_project: project) } it 'destroys multiple notes' do create(:note, project: project) diff --git a/spec/models/merge_request/diff_llm_summary_spec.rb b/spec/models/merge_request/diff_llm_summary_spec.rb deleted file mode 100644 index 860457add62..00000000000 --- a/spec/models/merge_request/diff_llm_summary_spec.rb +++ /dev/null 
@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.describe ::MergeRequest::DiffLlmSummary, feature_category: :code_review_workflow do
- let_it_be_with_reload(:project) { create(:project, :repository) }
-
- subject(:merge_request_diff_llm_summary) { build(:merge_request_diff_llm_summary) }
-
- describe 'associations' do
- it { is_expected.to belong_to(:merge_request_diff) }
- it { is_expected.to belong_to(:user).optional }
- it { is_expected.to validate_uniqueness_of(:merge_request_diff_id) }
- it { is_expected.to validate_presence_of(:content) }
- it { is_expected.to validate_length_of(:content).is_at_most(2056) }
- it { is_expected.to validate_presence_of(:provider) }
- end
-end
diff --git a/spec/policies/merge_request_policy_spec.rb b/spec/policies/merge_request_policy_spec.rb
index c21e1244402..285f52956eb 100644
--- a/spec/policies/merge_request_policy_spec.rb
+++ b/spec/policies/merge_request_policy_spec.rb
@@ -462,6 +462,37 @@ RSpec.describe MergeRequestPolicy do end end + context 'when enabling generate diff summary permission' do + let_it_be(:project) { create(:project) } + let_it_be(:mr) { create(:merge_request, target_project: project, source_project: project) } + let_it_be(:user) { create(:user) } + let(:policy) { permissions(user, mr) } + + context 'when can read_merge_request' do + before do + project.add_developer(user) + end + + it 'allows to generate_diff_summary' do + expect(policy).to be_allowed(:generate_diff_summary) + end + end + + context 'when can not read_merge_request' do + it 'does not allow to generate_diff_summary' do + expect(policy).not_to be_allowed(:generate_diff_summary) + end + + context 'and when is the LLM bot' do + let(:user) { create(:user, :llm_bot) } + + it 'allows to generate_diff_summary' do + expect(policy).to be_allowed(:generate_diff_summary) + end + end + end + end + context 'when the author of the merge request is banned', feature_category: :insider_threat do let_it_be(:user) { create(:user) } let_it_be(:admin) { create(:user, :admin) } diff --git a/spec/requests/api/statistics_spec.rb b/spec/requests/api/statistics_spec.rb index baac39abf2c..76190d4e272 100644 --- a/spec/requests/api/statistics_spec.rb +++ b/spec/requests/api/statistics_spec.rb @@ -59,7 +59,7 @@ RSpec.describe API::Statistics, 'Statistics', :aggregate_failures, feature_categ create_list(:note, 2, author: admin, project: projects.first, noteable: issues.first) create_list(:milestone, 3, project: projects.first) create(:key, user: admin) - create(:merge_request, source_project: projects.first) + create(:merge_request, :skip_diff_creation, source_project: projects.first) fork_project(projects.first, admin) # Make sure the reltuples have been updated |