author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-08 06:10:16 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-11-08 06:10:16 +0300 |
commit | e2deaee92032eb1162182bc9e0d553d0153c7d0e (patch) | |
tree | 185c53f1c5a73c313aef2e901d29459184a5838e | |
parent | e0b6a8eddcf32ccd847c7f7aae18ffa51c0f6ca0 (diff) |
Add latest changes from gitlab-org/gitlab@master
6 files changed, 172 insertions, 63 deletions
diff --git a/doc/ci/yaml/index.md b/doc/ci/yaml/index.md index 4aa14aebf61..fefd34e855d 100644 --- a/doc/ci/yaml/index.md +++ b/doc/ci/yaml/index.md @@ -3959,13 +3959,19 @@ The release name. If omitted, it is populated with the value of `release: tag_na #### `release:description` -Specifies the long description of the release. You can also specify a file that contains the -description. +The long description of the release. -In [GitLab 13.7 and later]((https://gitlab.com/gitlab-org/release-cli/-/merge_requests/67)), -you can specify a file in `$CI_PROJECT_DIR` that contains the description. The file must be relative -to the project directory (`$CI_PROJECT_DIR`), and if the file is a symbolic link it can't reside -outside of `$CI_PROJECT_DIR`. The `./path/to/file` and filename can't contain spaces. +**Keyword type**: Job keyword. You can use it only as part of a job. + +**Possible inputs**: + +- A string with the long description. +- The path to a file that contains the description. Introduced in [GitLab 13.7](https://gitlab.com/gitlab-org/release-cli/-/merge_requests/67). + - The file location must be relative to the project directory (`$CI_PROJECT_DIR`). + - If the file is a symbolic link, it must be in the `$CI_PROJECT_DIR`. + - The `./path/to/file` and filename can't contain spaces. + +**Example of `release:description`**: ```yaml job: @@ -3976,8 +3982,13 @@ job: #### `release:ref` -If the `release: tag_name` doesn't exist yet, the release is created from `ref`. -`ref` can be a commit SHA, another tag name, or a branch name. +The `ref` for the release, if the `release: tag_name` doesn't exist yet. + +**Keyword type**: Job keyword. You can use it only as part of a job. + +**Possible inputs**: + +- A commit SHA, another tag name, or a branch name. #### `release:milestones` 
@@ -3985,21 +3996,31 @@ The title of each milestone the release is associated with. #### `release:released_at` -The date and time when the release is ready. Defaults to the current date and time if not -defined. Should be enclosed in quotes and expressed in ISO 8601 format. +The date and time when the release is ready. -```json +**Possible inputs**: + +- A date enclosed in quotes and expressed in ISO 8601 format. + +**Example of `release:released_at`**: + +```yaml released_at: '2021-03-15T08:00:00Z' ``` +**Additional details**: + +- If it is not defined, the current date and time is used. + #### `release:assets:links` > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/271454) in GitLab 13.12. -Include [asset links](../../user/project/releases/index.md#release-assets) in the release. +Use `release:assets:links` to include [asset links](../../user/project/releases/index.md#release-assets) in the release. -NOTE: -Requires `release-cli` version v0.4.0 or higher. +Requires `release-cli` version v0.4.0 or later. + +**Example of `release:assets:links`**: ```yaml assets: diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md index b3aaf1cf158..32050cf9822 100644 --- a/doc/user/application_security/index.md +++ b/doc/user/application_security/index.md 
@@ -261,6 +261,103 @@ under your project's settings: </settings> ``` +## Using a custom scanning stage + +When security scanning is enabled by including CI/CD templates as described in the +[Security scanning without Auto DevOps](#security-scanning-without-auto-devops) section, the scanning jobs +use the predefined `test` stage by default. If you specify a custom stage in your `.gitlab-ci.yml` file without +including a `test` stage, an error occurs. + +For example, the following attempts to use a `unit-tests` stage: + +```yaml +include: + - template: Security/Dependency-Scanning.gitlab-ci.yml + - template: Security/License-Scanning.gitlab-ci.yml + - template: Security/SAST.gitlab-ci.yml + - template: Security/Secret-Detection.gitlab-ci.yml + +stages: + - unit-tests + +custom job: + stage: unit-tests + script: + - echo "custom job" +``` + +The above `.gitlab-ci.yml` causes a linting error: + +```plaintext +Found errors in your .gitlab-ci.yml: +- dependency_scanning job: chosen stage does not exist; available stages are .pre +- unit-tests +- .post +``` + +This error appears because the `test` stage used by the security scanning jobs isn't declared in the `.gitlab-ci.yml` file. +To fix this issue, you can either: + +- Add a `test` stage in your `.gitlab-ci.yml`: + + ```yaml + include: + - template: Security/Dependency-Scanning.gitlab-ci.yml + - template: Security/License-Scanning.gitlab-ci.yml + - template: Security/SAST.gitlab-ci.yml + - template: Security/Secret-Detection.gitlab-ci.yml + + stages: + - test + - unit-tests + + custom job: + stage: unit-tests + script: + - echo "custom job" + ``` + +- Override the default stage of each security job. 
For example, to use a pre-defined stage named `unit-tests`: + + ```yaml + include: + - template: Security/Dependency-Scanning.gitlab-ci.yml + - template: Security/License-Scanning.gitlab-ci.yml + - template: Security/SAST.gitlab-ci.yml + - template: Security/Secret-Detection.gitlab-ci.yml + + stages: + - unit-tests + + dependency_scanning: + stage: unit-tests + + license_scanning: + stage: unit-tests + + sast: + stage: unit-tests + + .secret-analyzer: + stage: unit-tests + + custom job: + stage: unit-tests + script: + - echo "custom job" + ``` + +Learn more on overriding security jobs: + +- [Overriding SAST jobs](sast/index.md#overriding-sast-jobs). +- [Overriding Dependency Scanning jobs](dependency_scanning/index.md#overriding-dependency-scanning-jobs). +- [Overriding Container Scanning jobs](container_scanning/index.md#overriding-the-container-scanning-template). +- [Overriding Secret Detection jobs](secret_detection/index.md#customizing-settings). +- [Overriding DAST jobs](dast/index.md#customize-dast-settings). +- [Overriding License Compliance jobs](../compliance/license_compliance/index.md#overriding-the-template). + +All the security scanning tools define their stage, so this error can occur with all of them. + ## Security report validation > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/321918) in GitLab 13.11. 
@@ -379,51 +476,6 @@ Select **new pipeline** to run a new pipeline. ![Run a new pipeline](img/outdated_report_pipeline_v12_9.png) -### Getting error message `sast job: stage parameter should be [some stage name here]` - -When [including](../../ci/yaml/index.md#includetemplate) a `.gitlab-ci.yml` template -like [`SAST.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml), -the following error may occur, depending on your GitLab CI/CD configuration: - -```plaintext -Found errors in your .gitlab-ci.yml: - -* sast job: stage parameter should be unit-tests -``` - -This error appears when the included job's stage (named `test`) isn't declared in `.gitlab-ci.yml`. - -To fix this issue, you can either: - -- Add a `test` stage in your `.gitlab-ci.yml`. -- Override the default stage of each security job. For example, to use a pre-defined stage name `unit-tests`: - - ```yaml - include: - - template: Security/Dependency-Scanning.gitlab-ci.yml - - template: Security/License-Scanning.gitlab-ci.yml - - template: Security/SAST.gitlab-ci.yml - - template: Security/Secret-Detection.gitlab-ci.yml - - stages: - - unit-tests - - dependency_scanning: - stage: unit-tests - - license_scanning: - stage: unit-tests - - sast: - stage: unit-tests - - .secret-analyzer: - stage: unit-tests - ``` - -[Learn more on overriding SAST jobs](sast/index.md#overriding-sast-jobs). -All the security scanning tools define their stage, so this error can occur with all of them. - ### Getting warning messages `… report.json: no matching files` This message is often followed by the [error `No files to upload`](../../ci/pipelines/job_artifacts.md#error-message-no-files-to-upload), diff --git a/lib/gitlab/database/shared_model.rb b/lib/gitlab/database/shared_model.rb index f304c32d731..f31dbc01907 100644 --- a/lib/gitlab/database/shared_model.rb +++ b/lib/gitlab/database/shared_model.rb 
@@ -8,13 +8,17 @@ module Gitlab class << self def using_connection(connection) - raise 'cannot nest connection overrides for shared models' unless overriding_connection.nil? + previous_connection = self.overriding_connection + + unless previous_connection.nil? || previous_connection.equal?(connection) + raise 'cannot nest connection overrides for shared models with different connections' + end self.overriding_connection = connection yield ensure - self.overriding_connection = nil + self.overriding_connection = nil unless previous_connection.equal?(self.overriding_connection) end def connection diff --git a/qa/qa/specs/features/browser_ui/5_package/container_registry/container_registry_omnibus_spec.rb b/qa/qa/specs/features/browser_ui/5_package/container_registry/container_registry_omnibus_spec.rb index 125867bc694..ffc76204731 100644 --- a/qa/qa/specs/features/browser_ui/5_package/container_registry/container_registry_omnibus_spec.rb +++ b/qa/qa/specs/features/browser_ui/5_package/container_registry/container_registry_omnibus_spec.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module QA - RSpec.describe 'Package', :orchestrated do + RSpec.describe 'Package', :orchestrated, only: { pipeline: :main } do describe 'Self-managed Container Registry' do let(:project) do Resource::Project.fabricate_via_api! do |project| diff --git a/qa/qa/specs/features/browser_ui/5_package/dependency_proxy/dependency_proxy_spec.rb b/qa/qa/specs/features/browser_ui/5_package/dependency_proxy/dependency_proxy_spec.rb index 41e5a99657c..b941d5434df 100644 --- a/qa/qa/specs/features/browser_ui/5_package/dependency_proxy/dependency_proxy_spec.rb +++ b/qa/qa/specs/features/browser_ui/5_package/dependency_proxy/dependency_proxy_spec.rb 
@@ -1,7 +1,7 @@ # frozen_string_literal: true module QA - RSpec.describe 'Package', :orchestrated, :registry do + RSpec.describe 'Package', :orchestrated, :registry, only: { pipeline: :main } do describe 'Dependency Proxy' do let(:project) do Resource::Project.fabricate_via_api! do |project| diff --git a/spec/lib/gitlab/database/shared_model_spec.rb b/spec/lib/gitlab/database/shared_model_spec.rb index 5d616aeb05f..94f2b5a3434 100644 --- a/spec/lib/gitlab/database/shared_model_spec.rb +++ b/spec/lib/gitlab/database/shared_model_spec.rb @@ -27,6 +27,38 @@ RSpec.describe Gitlab::Database::SharedModel do end end + context 'when multiple connection overrides are nested', :aggregate_failures do + let(:second_connection) { double('connection') } + + it 'allows the nesting with the same connection object' do + expect_original_connection_around do + described_class.using_connection(new_connection) do + expect(described_class.connection).to be(new_connection) + + described_class.using_connection(new_connection) do + expect(described_class.connection).to be(new_connection) + end + + expect(described_class.connection).to be(new_connection) + end + end + end + + it 'raises an error if the connection is changed' do + expect_original_connection_around do + described_class.using_connection(new_connection) do + expect(described_class.connection).to be(new_connection) + + expect do + described_class.using_connection(second_connection) {} + end.to raise_error(/cannot nest connection overrides/) + + expect(described_class.connection).to be(new_connection) + end + end + end + end + context 'when the block raises an error', :aggregate_failures do it 're-raises the error, removing the overridden connection' do expect_original_connection_around do |
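Review bot: In `doc/ci/yaml/index.md`, under `release:description`, the reworded bullet "If the file is a symbolic link, it must be in the `$CI_PROJECT_DIR`" still does not say whether the link itself or the file it points to has to be inside the project directory. The removed sentence ("it can't reside outside of `$CI_PROJECT_DIR`") had the same ambiguity. Because this bullet documents a path restriction, name the subject explicitly, for example by stating that the link's target must be inside `$CI_PROJECT_DIR`, if that is what is enforced.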
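Review bot: In `doc/ci/yaml/index.md`, the rewritten `release:released_at` section has no `**Keyword type**` line, while `release:description` and `release:ref` in the same change both gain "**Keyword type**: Job keyword. You can use it only as part of a job." Add the same line so the three sections follow one layout. In `release:assets:links`, the `release-cli` v0.4.0 requirement lost its `NOTE:` marker and now sits as a bare sentence; moving it under an `**Additional details**` list, as was done for the `released_at` default, would keep it from being read as part of the description.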
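Review bot: In `doc/user/application_security/index.md`, the override example in the new "Using a custom scanning stage" section sets the stage on `.secret-analyzer`, a hidden job, while the other three overrides (`dependency_scanning`, `license_scanning`, `sast`) use visible job names, and nothing in the section explains the difference. A reader who copies the pattern and writes a visible job name for Secret Detection gets no hint why the stage error persists. Add one sentence, or a comment in the YAML, saying that the Secret Detection override targets the `.secret-analyzer` hidden job.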
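Review bot: In `doc/user/application_security/index.md`, the hunk at `@@ -379,51 +476,6 @@` deletes the troubleshooting heading "Getting error message `sast job: stage parameter should be [some stage name here]`" without leaving anything in its place, so existing links to that heading's anchor and searches for the old error text no longer land anywhere. The new section also quotes a different message ("chosen stage does not exist"). Keep a short troubleshooting entry that names both error strings and links to "Using a custom scanning stage".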
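Review bot: In `lib/gitlab/database/shared_model.rb`, the `ensure` line `self.overriding_connection = nil unless previous_connection.equal?(self.overriding_connection)` is hard to verify by reading, because it infers whether this call is the outermost one from an identity comparison instead of restoring the saved value. Writing `self.overriding_connection = previous_connection` in the `ensure` gives the same result on all three paths in this method (outermost call, nested call with the same connection, and the raise for a different connection) and makes the restore semantics explicit. A short comment noting that the check uses `equal?` (object identity) on purpose would also help, since two distinct connection objects are rejected even if they point at the same database.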
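Review bot: In `spec/lib/gitlab/database/shared_model_spec.rb`, the new context covers nesting with the same connection and the raise for a different one, but not an exception raised inside a nested same-connection block; that is the path where the inner `ensure` must leave the outer override in place. Add an example that raises in the inner block and asserts `described_class.connection` is still `new_connection` afterwards. The matcher `raise_error(/cannot nest connection overrides/)` also matches the old message; matching on "with different connections" would pin the new behaviour.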
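Review bot: In `container_registry_omnibus_spec.rb` and `dependency_proxy_spec.rb`, `only: { pipeline: :main }` is added to the top-level `RSpec.describe` with no comment or issue reference saying why these specs are limited to that pipeline. The restriction removes Container Registry and Dependency Proxy coverage from every other pipeline, so record the reason next to the metadata (a one-line comment with the tracking issue is enough) so that it can be lifted once the cause is resolved.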