diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-20 21:42:06 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-20 21:42:06 +0300 |
| commit | 6e4e1050d9dba2b7b2523fdd1768823ab85feef4 (patch) | |
| tree | 78be5963ec075d80116a932011d695dd33910b4e /config | |
| parent | 1ce776de4ae122aba3f349c02c17cebeaa8ecf07 (diff) | |
Add latest changes from gitlab-org/gitlab@13-3-stable-ee
Diffstat (limited to 'config')
51 files changed, 571 insertions, 624 deletions
diff --git a/config/application.rb b/config/application.rb index 772b3b042c1..3fd9ce39bb9 100644 --- a/config/application.rb +++ b/config/application.rb @@ -169,6 +169,8 @@ module Gitlab config.assets.precompile << "application_dark.css" + config.assets.precompile << "startup/*.css" + config.assets.precompile << "print.css" config.assets.precompile << "mailer.css" config.assets.precompile << "mailer_client_specific.css" @@ -192,6 +194,11 @@ module Gitlab config.assets.precompile << "icons.json" config.assets.precompile << "illustrations/*.svg" + # Import Fontawesome fonts + config.assets.paths << "#{config.root}/node_modules/font-awesome/fonts" + config.assets.precompile << "fontawesome-webfont.woff2" + config.assets.precompile << "fontawesome-webfont.woff" + # Import css for xterm config.assets.paths << "#{config.root}/node_modules/xterm/src/" config.assets.precompile << "xterm.css" diff --git a/config/database.yml.postgresql b/config/database.yml.postgresql index 5b3b35c9226..37c69ad326b 100644 --- a/config/database.yml.postgresql +++ b/config/database.yml.postgresql @@ -5,7 +5,6 @@ production: adapter: postgresql encoding: unicode database: gitlabhq_production - pool: 10 username: git password: "secure password" host: localhost @@ -26,7 +25,6 @@ development: adapter: postgresql encoding: unicode database: gitlabhq_development - pool: 5 username: postgres password: "secure password" host: localhost @@ -38,7 +36,6 @@ staging: adapter: postgresql encoding: unicode database: gitlabhq_staging - pool: 10 username: git password: "secure password" host: localhost @@ -50,7 +47,6 @@ test: &test adapter: postgresql encoding: unicode database: gitlabhq_test - pool: 5 username: postgres password: host: localhost diff --git a/config/database_geo.yml.postgresql b/config/database_geo.yml.postgresql index 2918879f7ed..25b9c6d5eb1 100644 --- a/config/database_geo.yml.postgresql +++ b/config/database_geo.yml.postgresql @@ -5,11 +5,9 @@ production: adapter: postgresql encoding: unicode database: gitlabhq_geo_production - pool: 10 username: git password: "secure password" host: localhost - fdw: true # # Development specific @@ -18,11 +16,9 @@ development: adapter: postgresql encoding: unicode database: gitlabhq_geo_development - pool: 5 username: postgres password: "secure password" host: localhost - fdw: true # # Staging specific @@ -31,11 +27,9 @@ staging: adapter: postgresql encoding: unicode database: gitlabhq_geo_staging - pool: 10 username: git password: "secure password" host: localhost - fdw: true # Warning: The database defined as "test" will be erased and # re-generated from your development database when you run "rake". @@ -44,8 +38,6 @@ test: &test adapter: postgresql encoding: unicode database: gitlabhq_geo_test - pool: 5 username: postgres password: host: localhost - fdw: true diff --git a/config/dependency_decisions.yml b/config/dependency_decisions.yml index 3724fbb767b..9256b902634 100644 --- a/config/dependency_decisions.yml +++ b/config/dependency_decisions.yml @@ -103,20 +103,6 @@ :versions: [] :when: 2016-10-28 11:02:15.540105000 Z - - :license - - raphael-rails - - MIT - - :who: Connor Shea - :why: https://github.com/mockdeep/raphael-rails/blob/master/license.txt - :versions: [] - :when: 2016-04-17 21:30:07.575392000 Z -- - :license - - rouge - - MIT - - :who: Connor Shea - :why: https://github.com/jneen/rouge/blob/master/LICENSE - :versions: [] - :when: 2016-04-17 21:31:29.490394000 Z -- - :license - pyu-ruby-sasl - MIT - :who: Connor Shea @@ -124,20 +110,6 @@ :versions: [] :when: 2016-04-17 21:41:55.266420000 Z - - :license - - six - - MIT - - :who: Connor Shea - :why: https://github.com/randx/six/blob/master/LICENSE - :versions: [] - :when: 2016-04-17 21:42:31.420186000 Z -- - :license - - rdoc - - ruby - - :who: Connor Shea - :why: https://github.com/rdoc/rdoc/blob/master/LICENSE.rdoc - :versions: [] - :when: 2016-04-17 21:43:30.480413000 Z -- - :license - expression_parser - MIT - :who: Connor Shea @@ -152,13 +124,6 @@ :versions: [] :when: 2016-04-17 21:49:10.329759000 Z - - :license - - eventmachine - - ruby - - :who: Connor Shea - :why: https://github.com/eventmachine/eventmachine/blob/master/LICENSE - :versions: [] - :when: 2016-04-17 21:49:10.329759001 Z -- - :license - unicorn - ruby - :who: Connor Shea @@ -173,13 +138,6 @@ :versions: [] :when: 2016-05-02 05:45:38.323867000 Z - - :license - - json - - ruby - - :who: Connor Shea - :why: https://github.com/flori/json/tree/master#license - :versions: [] - :when: 2016-05-02 05:50:07.826564000 Z -- - :license - unf - BSD - :who: Connor Shea @@ -193,48 +151,6 @@ :why: https://github.com/jmcnevin/rubypants/blob/master/LICENSE.rdoc :versions: [] :when: 2016-05-02 05:56:50.696858000 Z -- - :approve - - after - - :who: Matt Lee - :why: https://github.com/Raynos/after/blob/master/LICENCE - :versions: [] - :when: 2017-01-14 20:00:32.473125000 Z -- - :approve - - amdefine - - :who: Matt Lee - :why: MIT License - :versions: [] - :when: 2017-01-14 20:08:31.810633000 Z -- - :approve - - base64id - - :who: Matt Lee - :why: https://github.com/faeldt/base64id/blob/master/LICENSE - :versions: [] - :when: 2017-01-14 20:08:33.174760000 Z -- - :approve - - blob - - :who: Matt Lee - :why: https://github.com/webmodules/blob/blob/master/LICENSE - :versions: [] - :when: 2017-01-14 20:08:34.564048000 Z -- - :approve - - callsite - - :who: Matt Lee - :why: https://github.com/tj/callsite/blob/master/LICENSE - :versions: [] - :when: 2017-01-14 20:08:35.976025000 Z -- - :approve - - component-bind - - :who: Matt Lee - :why: https://github.com/component/bind/blob/master/LICENSE - :versions: [] - :when: 2017-01-14 20:08:37.291219000 Z -- - :approve - - component-inherit - - :who: Matt Lee - :why: https://github.com/component/inherit/blob/master/LICENSE - :versions: [] - :when: 2017-01-14 20:10:41.804804000 Z - - :license - fsevents - MIT @@ -243,85 +159,12 @@ :versions: [] :when: 2017-01-14 20:50:20.037775000 Z - - :approve - - indexof - - :who: Matt Lee - :why: https://github.com/component/indexof/blob/master/LICENSE - :versions: [] - :when: 2017-01-14 20:10:43.209900000 Z -- - :approve - - is-integer - - :who: Matt Lee - :why: https://github.com/parshap/js-is-integer/blob/master/LICENSE - :versions: [] - :when: 2017-01-14 20:10:44.540916000 Z -- - :approve - - jsonify - - :who: Matt Lee - :why: Public Domain - no formal license on this one. probably okay as its been - the same for along time. would prefer to see CC0 - :versions: [] - :when: 2017-01-14 20:10:45.857261000 Z -- - :approve - - object-component - - :who: Matt Lee - :why: https://github.com/component/object/blob/master/LICENSE - :versions: [] - :when: 2017-01-14 20:10:47.190148000 Z -- - :approve - - optimist - - :who: Matt Lee - :why: https://github.com/substack/node-optimist/blob/master/LICENSE - :versions: [] - :when: 2017-01-14 20:10:48.563077000 Z -- - :approve - - path-is-inside - - :who: Matt Lee - :why: https://github.com/domenic/path-is-inside/blob/master/LICENSE.txt - :versions: [] - :when: 2017-01-14 20:10:49.910497000 Z -- - :approve - - rc - - :who: Matt Lee - :why: https://github.com/dominictarr/rc/blob/master/LICENSE.MIT - :versions: [] - :when: 2017-01-14 20:10:51.244695000 Z -- - :approve - - ripemd160 - - :who: Matt Lee - :why: https://github.com/crypto-browserify/ripemd160/blob/master/LICENSE.md - :versions: [] - :when: 2017-01-14 20:10:52.560282000 Z -- - :approve - select2 - :who: Matt Lee :why: https://github.com/select2/select2/blob/master/LICENSE.md :versions: [] :when: 2017-01-14 20:10:53.909618000 Z - - :approve - - tweetnacl - - :who: Matt Lee - :why: https://github.com/dchest/tweetnacl-js/blob/master/LICENSE - :versions: [] - :when: 2017-01-14 20:10:57.812077000 Z -- - :approve - - wordwrap - - :who: Mike Greiling - :why: https://github.com/substack/node-wordwrap/blob/0.0.3/LICENSE - :versions: [] - :when: 2017-02-08 20:17:13.084968000 Z -- - :approve - - spdx-expression-parse - - :who: Mike Greiling - :why: https://github.com/kemitchell/spdx-expression-parse.js/blob/v1.0.4/LICENSE - :versions: [] - :when: 2017-02-08 22:33:01.806977000 Z -- - :approve - - spdx-license-ids - - :who: Mike Greiling - :why: https://github.com/shinnn/spdx-license-ids/blob/v1.2.2/LICENSE - :versions: [] - :when: 2017-02-08 22:35:00.225232000 Z -- - :approve - opener - :who: Mike Greiling :why: https://github.com/domenic/opener/blob/1.4.3/LICENSE.txt @@ -345,67 +188,6 @@ :why: https://github.com/nodeca/pako/blob/master/LICENSE :versions: [] :when: 2017-04-05 10:43:45.897720000 Z -- - :approve - - caniuse-db - - :who: Mike Greiling - :why: https://github.com/Fyrd/caniuse/blob/master/LICENSE - :versions: [] - :when: 2017-04-07 16:05:14.185549000 Z -- - :approve - - domelementtype - - :who: Mike Greiling - :why: https://github.com/fb55/domelementtype/blob/master/LICENSE - :versions: [] - :when: 2017-04-07 16:19:17.992640000 Z -- - :approve - - domhandler - - :who: Mike Greiling - :why: https://github.com/fb55/domhandler/blob/master/LICENSE - :versions: [] - :when: 2017-04-07 16:19:19.628953000 Z -- - :approve - - domutils - - :who: Mike Greiling - :why: https://github.com/fb55/domutils/blob/master/LICENSE - :versions: [] - :when: 2017-04-07 16:19:21.159356000 Z -- - :approve - - entities - - :who: Mike Greiling - :why: https://github.com/fb55/entities/blob/master/LICENSE - :versions: [] - :when: 2017-04-07 16:19:23.900571000 Z -- - :approve - - ansi-html - - :who: Mike Greiling - :why: https://github.com/Tjatse/ansi-html/blob/master/LICENSE - :versions: [] - :when: 2017-04-10 05:42:12.898178000 Z -- - :license - - map-stream - - MIT - - :who: Mike Greiling - :why: https://github.com/dominictarr/map-stream/blob/master/LICENCE - :versions: [] - :when: 2017-04-10 06:27:52.269085000 Z -- - :approve - - pause-stream - - :who: Mike Greiling - :why: https://github.com/dominictarr/pause-stream/blob/master/LICENSE - :versions: [] - :when: 2017-04-10 06:28:39.825894000 Z -- - :approve - - undefsafe - - :who: Mike Greiling - :why: https://github.com/remy/undefsafe/blob/master/LICENSE - :versions: [] - :when: 2017-04-10 06:30:00.002555000 Z -- - :approve - - thunky - - :who: Mike Greiling - :why: https://github.com/mafintosh/thunky/blob/master/README.md#license - :versions: [] - :when: 2017-08-07 05:56:09.907045000 Z - - :whitelist - Unlicense - :who: Nick Thomas <nick@gitlab.com> @@ -418,49 +200,6 @@ :why: https://gitlab.com/gitlab-com/organization/issues/117 :versions: [] :when: 2017-09-04 12:59:51.150798717 Z -- - :approve - - console-browserify - - :who: Mike Greiling - :why: https://github.com/Raynos/console-browserify/blob/f0a8898487e2a47b8a5dc8734b91059fa2825506/LICENCE - :versions: [] - :when: 2017-09-16 05:13:07.073651000 Z -- - :approve - - duplexer - - :who: Mike Greiling - :why: https://github.com/Raynos/duplexer/blob/master/LICENCE - :versions: [] - :when: 2017-09-16 05:14:15.774643000 Z -- - :approve - - json3 - - :who: Mike Greiling - :why: https://github.com/bestiejs/json3/blob/v3.3.2/LICENSE - :versions: [] - :when: 2017-09-16 05:15:16.273892000 Z -- - :approve - - mime - - :who: Mike Greiling - :why: https://github.com/broofa/node-mime/blob/v1.3.4/LICENSE - :versions: [] - :when: 2017-09-16 05:16:21.135542000 Z -- - :approve - - querystring-es3 - - :who: Mike Greiling - :why: https://github.com/mike-spainhower/querystring/blob/v0.2.0/License.md - :versions: [] - :when: 2017-09-16 05:17:20.372089000 Z -- - :approve - - utils-merge - - :who: Mike Greiling - :why: https://github.com/jaredhanson/utils-merge/blob/v1.0.0/LICENSE - :versions: [] - :when: 2017-09-16 05:18:26.193764000 Z -- - :license - - "@gitlab/svgs" - - MIT - - :who: Tim Zallmann - :why: Our own library - GitLab License https://gitlab.com/gitlab-org/gitlab-svgs - :versions: [] - :when: 2017-09-19 14:36:32.795496000 Z - - :license - pikaday - MIT @@ -468,51 +207,6 @@ :why: MIT License :versions: [] :when: 2017-10-17 17:46:12.367554000 Z -- - :license - - component-emitter - - MIT - - :who: Winnie Hellmann - :why: package.json does not specify the license (README.md does) - :versions: - - 1.1.2 - :when: 2017-11-13 12:23:10.502463000 Z -- - :license - - json-schema - - BSD - - :who: Winnie Hellmann - :why: https://github.com/kriszyp/json-schema/blob/v0.2.3/package.json#L18-L19 - :versions: - - 0.2.3 - :when: 2017-11-16 12:52:18.286091000 Z -- - :license - - node-forge - - New BSD - - :who: Winnie Hellmann - :why: https://github.com/digitalbazaar/forge/blob/0.6.33/LICENSE - :versions: - - 0.6.33 - :when: 2017-11-16 12:56:17.974767000 Z -- - :license - - sntp - - BSD - - :who: Winnie Hellmann - :why: https://github.com/hueniverse/sntp/blob/v1.0.9/package.json#L28-L29 - :versions: - - 1.0.9 - :when: 2017-11-16 13:02:06.765282000 Z -- - :license - - JSONStream - - MIT - - :who: Tim Zallmann - :why: https://github.com/dominictarr/JSONStream/blob/master/LICENSE.MIT - :versions: [] - :when: 2018-01-17 22:46:12.367554000 Z -- - :approve - - uws - - :who: Tim Zallmann - :why: zlib license + Development Lib + https://github.com/uNetworking/uWebSockets/blob/master/LICENSE - :versions: [] - :when: 2018-01-17 23:46:12.367554000 Z - - :approve - atob - :who: Mike Greiling @@ -525,19 +219,6 @@ :why: https://github.com/mafintosh/cyclist/blob/master/LICENSE :versions: [] :when: 2018-02-20 21:37:43.774978000 Z -- - :license - - bitsyntax - - MIT - - :who: Mike Greiling - :why: https://github.com/squaremo/bitsyntax-js/blob/master/LICENSE-MIT - :versions: [] - :when: 2018-02-20 22:20:25.958123000 Z -- - :approve - - "@webassemblyjs/ieee754" - - :who: Mike Greiling - :why: https://github.com/xtuc/webassemblyjs/blob/master/LICENSE - :versions: [] - :when: 2018-06-08 05:30:56.764116000 Z - - :approve - lz-string - :who: Phil Hughes @@ -579,20 +260,6 @@ in compiled/distributed product so attribution not needed. :versions: [] :when: 2018-10-02 19:23:11.221660000 Z -- - :approve - - node-releases - - :who: Mike Greiling - :why: CC-BY-4.0 license. Tool only used during build process, code is not present - in compiled/distributed product so attribution not needed. - :versions: [] - :when: 2018-10-02 19:23:54.840151000 Z -- - :license - - echarts - - Apache 2.0 - - :who: Adriel Santiago - :why: https://github.com/apache/incubator-echarts/blob/master/LICENSE - :versions: [] - :when: 2018-12-07 20:46:12.421256000 Z - - :license - contracts - BSD @@ -626,3 +293,23 @@ :why: This license is public domain :versions: [] :when: 2020-06-03 05:04:44.632875345 Z +- - :whitelist + - 0BSD + - :who: Natalia Tepluhina + :why: This license is public domain + :versions: [] + :when: 2020-07-17 10:50:44.632875345 Z +- - :license + - font-awesome + - MIT + - :who: Mike Greiling + :why: MIT license + :versions: [] + :when: 2020-07-28 20:35:27.574875000 Z +- - :license + - dompurify + - Apache-2.0 + - :who: Lukas Eipert + :why: "https://github.com/cure53/DOMPurify/blob/main/LICENSE and https://gitlab.com/gitlab-org/gitlab/-/merge_requests/31928#note_346604841" + :versions: [] + :when: 2020-08-13 13:42:46.508082000 Z diff --git a/config/feature_categories.yml b/config/feature_categories.yml index fd4cc8bf2a5..e41d6d86e46 100644 --- a/config/feature_categories.yml +++ b/config/feature_categories.yml @@ -42,7 +42,6 @@ - design_management - design_system - devops_reports -- digital_experience_management - disaster_recovery - dynamic_application_security_testing - editor_extension @@ -72,7 +71,6 @@ - jupyter_notebooks - kanban_boards - kubernetes_management -- language_specific - license_compliance - live_preview - load_testing diff --git a/config/feature_flags/development/async_update_pages_config.yml b/config/feature_flags/development/async_update_pages_config.yml new file mode 100644 index 00000000000..4408197f287 --- /dev/null +++ b/config/feature_flags/development/async_update_pages_config.yml @@ -0,0 +1,7 @@ +--- +name: async_update_pages_config +introduced_by_url: +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/230695 +group: 'team::Scalability' +type: development +default_enabled: false diff --git a/config/feature_flags/development/ci_if_parenthesis_enabled.yml b/config/feature_flags/development/ci_if_parenthesis_enabled.yml new file mode 100644 index 00000000000..5de7f9cf09a --- /dev/null +++ b/config/feature_flags/development/ci_if_parenthesis_enabled.yml @@ -0,0 +1,7 @@ +--- +name: ci_if_parenthesis_enabled +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/37574 +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/238174 +group: group::ci +type: development +default_enabled: true
\ No newline at end of file diff --git a/config/feature_flags/development/ci_plan_needs_size_limit.yml b/config/feature_flags/development/ci_plan_needs_size_limit.yml new file mode 100644 index 00000000000..826aeb8f030 --- /dev/null +++ b/config/feature_flags/development/ci_plan_needs_size_limit.yml @@ -0,0 +1,7 @@ +--- +name: ci_plan_needs_size_limit +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/37568 +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/238173 +group: group::ci +type: development +default_enabled: true
\ No newline at end of file diff --git a/config/feature_flags/development/dynamic_image_resizing.yml b/config/feature_flags/development/dynamic_image_resizing.yml new file mode 100644 index 00000000000..72547b7736e --- /dev/null +++ b/config/feature_flags/development/dynamic_image_resizing.yml @@ -0,0 +1,7 @@ +--- +name: dynamic_image_resizing +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/37342 +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/233704 +group: group::memory +type: development +default_enabled: false
\ No newline at end of file diff --git a/config/feature_flags/development/improved_mr_merged_at_queries.yml b/config/feature_flags/development/improved_mr_merged_at_queries.yml new file mode 100644 index 00000000000..9e717991a7d --- /dev/null +++ b/config/feature_flags/development/improved_mr_merged_at_queries.yml @@ -0,0 +1,7 @@ +--- +name: improved_mr_merged_at_queries +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/39329 +rollout_issue_url: +group: group::analytics +type: development +default_enabled: false diff --git a/config/feature_flags/development/personal_snippet_reference_filters.yml b/config/feature_flags/development/personal_snippet_reference_filters.yml new file mode 100644 index 00000000000..6a9aefbb379 --- /dev/null +++ b/config/feature_flags/development/personal_snippet_reference_filters.yml @@ -0,0 +1,7 @@ +--- +name: personal_snippet_reference_filters +introduced_by_url: +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/235155 +group: group::editor +type: development +default_enabled: false
\ No newline at end of file diff --git a/config/feature_flags/development/reorder_designs.yml b/config/feature_flags/development/reorder_designs.yml new file mode 100644 index 00000000000..89c6bec7351 --- /dev/null +++ b/config/feature_flags/development/reorder_designs.yml @@ -0,0 +1,7 @@ +--- +name: reorder_designs +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/37835 +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/232992 +group: group::knowledge +type: development +default_enabled: true diff --git a/config/feature_flags/development/sse_erb_support.yml b/config/feature_flags/development/sse_erb_support.yml new file mode 100644 index 00000000000..21a3ad2104b --- /dev/null +++ b/config/feature_flags/development/sse_erb_support.yml @@ -0,0 +1,7 @@ +--- +name: sse_erb_support +introduced_by_url: +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/235460 +group: group::static site editor +type: development +default_enabled: false diff --git a/config/feature_flags/development/startup_css.yml b/config/feature_flags/development/startup_css.yml new file mode 100644 index 00000000000..c87b2abc9a5 --- /dev/null +++ b/config/feature_flags/development/startup_css.yml @@ -0,0 +1,7 @@ +--- +name: startup_css +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/39713 +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/238718 +group: group::editor +type: development +default_enabled: false diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index 7ba256b39cd..5d217332634 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -218,6 +218,9 @@ production: &base # region: us-east-1 # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4. # endpoint: 'https://s3.amazonaws.com' # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces + # storage_options: + # server_side_encryption: AES256 # AES256, aws:kms + # server_side_encryption_kms_key_id: # Amazon Resource Name. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html # objects: # artifacts: # bucket: artifacts @@ -885,6 +888,11 @@ production: &base # (default: false) auto_link_saml_user: false + # Allow users with existing accounts to sign in and auto link their account via OmniAuth + # login, without having to do a manual login first and manually add OmniAuth. Links on email. + # (default: false) + auto_link_user: false + # Set different Omniauth providers as external so that all users creating accounts # via these providers will not be able to have access to internal projects. You # will need to use the full name of the provider, like `google_oauth2` for Google. diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index b7432c4cbe6..628d9c65ce0 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -83,6 +83,7 @@ Settings.omniauth['external_providers'] = [] if Settings.omniauth['external_prov Settings.omniauth['block_auto_created_users'] = true if Settings.omniauth['block_auto_created_users'].nil? Settings.omniauth['auto_link_ldap_user'] = false if Settings.omniauth['auto_link_ldap_user'].nil? Settings.omniauth['auto_link_saml_user'] = false if Settings.omniauth['auto_link_saml_user'].nil? +Settings.omniauth['auto_link_user'] = false if Settings.omniauth['auto_link_user'].nil? Settings.omniauth['sync_profile_from_provider'] = false if Settings.omniauth['sync_profile_from_provider'].nil? Settings.omniauth['sync_profile_attributes'] = ['email'] if Settings.omniauth['sync_profile_attributes'].nil? @@ -283,6 +284,7 @@ Settings.sentry['clientside_dsn'] ||= nil # Pages # Settings['pages'] ||= Settingslogic.new({}) +Settings['pages'] = ::Gitlab::Pages::Settings.new(Settings.pages) # For path access detection https://gitlab.com/gitlab-org/gitlab/-/issues/230702 Settings.pages['enabled'] = false if Settings.pages['enabled'].nil? Settings.pages['access_control'] = false if Settings.pages['access_control'].nil? Settings.pages['path'] = Settings.absolute(Settings.pages['path'] || File.join(Settings.shared['path'], "pages")) @@ -422,6 +424,9 @@ Settings.cron_jobs['admin_email_worker']['job_class'] = 'AdminEmailWorker' Settings.cron_jobs['personal_access_tokens_expiring_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['personal_access_tokens_expiring_worker']['cron'] ||= '0 1 * * *' Settings.cron_jobs['personal_access_tokens_expiring_worker']['job_class'] = 'PersonalAccessTokens::ExpiringWorker' +Settings.cron_jobs['personal_access_tokens_expired_notification_worker'] ||= Settingslogic.new({}) +Settings.cron_jobs['personal_access_tokens_expired_notification_worker']['cron'] ||= '0 2 * * *' +Settings.cron_jobs['personal_access_tokens_expired_notification_worker']['job_class'] = 'PersonalAccessTokens::ExpiredNotificationWorker' Settings.cron_jobs['repository_archive_cache_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['repository_archive_cache_worker']['cron'] ||= '0 * * * *' Settings.cron_jobs['repository_archive_cache_worker']['job_class'] = 'RepositoryArchiveCacheWorker' @@ -571,6 +576,9 @@ Gitlab.ee do Settings.cron_jobs['elastic_cluster_reindexing_cron_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['elastic_cluster_reindexing_cron_worker']['cron'] ||= '*/10 * * * *' Settings.cron_jobs['elastic_cluster_reindexing_cron_worker']['job_class'] ||= 'ElasticClusterReindexingCronWorker' + Settings.cron_jobs['elastic_remove_expired_namespace_subscriptions_from_index_cron_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['elastic_remove_expired_namespace_subscriptions_from_index_cron_worker']['cron'] ||= '10 3 * * *' + Settings.cron_jobs['elastic_remove_expired_namespace_subscriptions_from_index_cron_worker']['job_class'] ||= 'ElasticRemoveExpiredNamespaceSubscriptionsFromIndexCronWorker' Settings.cron_jobs['sync_seat_link_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['sync_seat_link_worker']['cron'] ||= "#{rand(60)} 0 * * *" Settings.cron_jobs['sync_seat_link_worker']['job_class'] = 'SyncSeatLinkWorker' @@ -589,6 +597,9 @@ Gitlab.ee do Settings.cron_jobs['vulnerability_statistics_schedule_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['vulnerability_statistics_schedule_worker']['cron'] ||= '15 1 * * *' Settings.cron_jobs['vulnerability_statistics_schedule_worker']['job_class'] = 'Vulnerabilities::Statistics::ScheduleWorker' + Settings.cron_jobs['vulnerability_historical_statistics_deletion_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['vulnerability_historical_statistics_deletion_worker']['cron'] ||= '15 3 * * *' + Settings.cron_jobs['vulnerability_historical_statistics_deletion_worker']['job_class'] = 'Vulnerabilities::HistoricalStatistics::DeletionWorker' end # diff --git a/config/initializers/7_prometheus_metrics.rb b/config/initializers/7_prometheus_metrics.rb index bb89850892e..cec1a213ed2 100644 --- a/config/initializers/7_prometheus_metrics.rb +++ b/config/initializers/7_prometheus_metrics.rb @@ -44,6 +44,7 @@ if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled? Gitlab::Metrics::Samplers::RubySampler.initialize_instance.start Gitlab::Metrics::Samplers::DatabaseSampler.initialize_instance.start + Gitlab::Metrics::Samplers::ThreadsSampler.initialize_instance.start if Gitlab.ee? && Gitlab::Runtime.sidekiq? Gitlab::Metrics::Samplers::GlobalSearchSampler.instance.start diff --git a/config/initializers/active_record_schema_ignore_tables.rb b/config/initializers/active_record_schema_ignore_tables.rb index 8ac565f239e..0a840bbf1d8 100644 --- a/config/initializers/active_record_schema_ignore_tables.rb +++ b/config/initializers/active_record_schema_ignore_tables.rb @@ -1,5 +1,2 @@ -# Ignore table used temporarily in background migration -ActiveRecord::SchemaDumper.ignore_tables = ["untracked_files_for_uploads"] - # Ignore dynamically managed partitions in static application schema ActiveRecord::SchemaDumper.ignore_tables += ["#{Gitlab::Database::DYNAMIC_PARTITIONS_SCHEMA}.*"] diff --git a/config/initializers/active_record_schema_versions.rb b/config/initializers/active_record_schema_versions.rb index a7c342e8053..68be3f126a0 100644 --- a/config/initializers/active_record_schema_versions.rb +++ b/config/initializers/active_record_schema_versions.rb @@ -1,5 +1,7 @@ # frozen_string_literal: true -# Patch to use COPY in db/structure.sql when populating schema_migrations table +# Patch to write version information as empty files under the db/schema_migrations directory # This is intended to reduce potential for merge conflicts in db/structure.sql -ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.prepend(Gitlab::Database::PostgresqlAdapter::SchemaVersionsCopyMixin) +ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.prepend(Gitlab::Database::PostgresqlAdapter::DumpSchemaVersionsMixin) +# Patch to load version information from empty files under the db/schema_migrations directory +ActiveRecord::Tasks::PostgreSQLDatabaseTasks.prepend(Gitlab::Database::PostgresqlDatabaseTasks::LoadSchemaVersionsMixin) diff --git a/config/initializers/carrierwave_patch.rb b/config/initializers/carrierwave_patch.rb new file mode 100644 index 00000000000..53fba307926 --- /dev/null +++ b/config/initializers/carrierwave_patch.rb @@ -0,0 +1,53 @@ +# frozen_string_literal: true + +require "carrierwave/storage/fog" + +# This pulls in https://github.com/carrierwaveuploader/carrierwave/pull/2504 to support +# sending AWS S3 encryption headers when copying objects. +# +# This patch also incorporates +# https://github.com/carrierwaveuploader/carrierwave/pull/2375 to +# provide Azure support. This is already in CarrierWave v2.1.x, but +# upgrading this gem is a significant task: +# https://gitlab.com/gitlab-org/gitlab/-/issues/216067 +module CarrierWave + module Storage + class Fog < Abstract + class File + def copy_to(new_path) + connection.copy_object(@uploader.fog_directory, file.key, @uploader.fog_directory, new_path, copy_to_options) + CarrierWave::Storage::Fog::File.new(@uploader, @base, new_path) + end + + def copy_to_options + acl_header.merge(@uploader.fog_attributes) + end + + def authenticated_url(options = {}) + if %w[AWS Google Rackspace OpenStack AzureRM].include?(@uploader.fog_credentials[:provider]) + # avoid a get by using local references + local_directory = connection.directories.new(key: @uploader.fog_directory) + local_file = local_directory.files.new(key: path) + expire_at = ::Fog::Time.now + @uploader.fog_authenticated_url_expiration + case @uploader.fog_credentials[:provider] + when 'AWS', 'Google' + # Older versions of fog-google do not support options as a parameter + if url_options_supported?(local_file) + local_file.url(expire_at, options) + else + warn "Options hash not supported in #{local_file.class}. You may need to upgrade your Fog provider." + local_file.url(expire_at) + end + when 'Rackspace' + connection.get_object_https_url(@uploader.fog_directory, path, expire_at, options) + when 'OpenStack' + connection.get_object_https_url(@uploader.fog_directory, path, expire_at) + else + local_file.url(expire_at) + end + end + end + end + end + end +end diff --git a/config/initializers/database_config.rb b/config/initializers/database_config.rb index ce732677c74..cccd4335a7d 100644 --- a/config/initializers/database_config.rb +++ b/config/initializers/database_config.rb @@ -20,31 +20,34 @@ Gitlab.ee do end end -# When running on multi-threaded runtimes like Puma or Sidekiq, -# set the number of threads per process as the minimum DB connection pool size. -# This is to avoid connectivity issues as was documented here: -# https://github.com/rails/rails/pull/23057 -if Gitlab::Runtime.multi_threaded? - max_threads = Gitlab::Runtime.max_threads - db_config = Gitlab::Database.config || - Rails.application.config.database_configuration[Rails.env] - previous_db_pool_size = db_config['pool'] - - db_config['pool'] = [db_config['pool'].to_i, max_threads].max + ENV["DB_POOL_HEADROOM"].to_i - - ActiveRecord::Base.establish_connection(db_config) - - current_db_pool_size = ActiveRecord::Base.connection.pool.size - - log_pool_size('DB', previous_db_pool_size, current_db_pool_size) - - Gitlab.ee do - if Gitlab::Runtime.sidekiq? && Gitlab::Geo.geo_database_configured? - previous_geo_db_pool_size = Rails.configuration.geo_database['pool'] - Rails.configuration.geo_database['pool'] = max_threads - Geo::TrackingBase.establish_connection(Rails.configuration.geo_database) - current_geo_db_pool_size = Geo::TrackingBase.connection_pool.size - log_pool_size('Geo DB', previous_geo_db_pool_size, current_geo_db_pool_size) - end +# Because of the way Ruby on Rails manages database connections, it is +# important that we have at least as many connections as we have +# threads. While there is a 'pool' setting in database.yml, it is not +# very practical because you need to maintain it in tandem with the +# number of application threads. Because of this we override the number +# of allowed connections in the database connection pool based on the +# configured number of application threads. +# +# Gitlab::Runtime.max_threads is the number of "user facing" application +# threads the process has been configured with. We also have auxiliary +# threads that use database connections. Because it is not practical to +# keep an accurate count of the number auxiliary threads as the +# application evolves over time, we just add a fixed headroom to the +# number of user-facing threads. It is OK if this number is too large +# because connections are instantiated lazily. + +headroom = (ENV["DB_POOL_HEADROOM"].presence || 10).to_i +calculated_pool_size = Gitlab::Runtime.max_threads + headroom + +db_config = Gitlab::Database.config || + Rails.application.config.database_configuration[Rails.env] + +db_config['pool'] = calculated_pool_size +ActiveRecord::Base.establish_connection(db_config) + +Gitlab.ee do + if Gitlab::Runtime.sidekiq? && Gitlab::Geo.geo_database_configured? + Rails.configuration.geo_database['pool'] = calculated_pool_size + Geo::TrackingBase.establish_connection(Rails.configuration.geo_database) end end diff --git a/config/initializers/direct_upload_support.rb b/config/initializers/direct_upload_support.rb index 0fc6e82207e..94e90727f0c 100644 --- a/config/initializers/direct_upload_support.rb +++ b/config/initializers/direct_upload_support.rb @@ -1,5 +1,5 @@ class DirectUploadsValidator - SUPPORTED_DIRECT_UPLOAD_PROVIDERS = %w(Google AWS).freeze + SUPPORTED_DIRECT_UPLOAD_PROVIDERS = %w(Google AWS AzureRM).freeze ValidationError = Class.new(StandardError) @@ -13,22 +13,32 @@ class DirectUploadsValidator raise ValidationError, "No provider configured for '#{uploader_type}'. #{supported_provider_text}" if provider.blank? - return if SUPPORTED_DIRECT_UPLOAD_PROVIDERS.include?(provider) + return if provider_loaded?(provider) raise ValidationError, "Object storage provider '#{provider}' is not supported " \ "when 'direct_upload' is used for '#{uploader_type}'. #{supported_provider_text}" end + private + + def provider_loaded?(provider) + return false unless SUPPORTED_DIRECT_UPLOAD_PROVIDERS.include?(provider) + + require 'fog/azurerm' if provider == 'AzureRM' + + true + end + def supported_provider_text - "Only #{SUPPORTED_DIRECT_UPLOAD_PROVIDERS.join(', ')} are supported." + "Only #{SUPPORTED_DIRECT_UPLOAD_PROVIDERS.to_sentence} are supported." end end DirectUploadsValidator.new.tap do |validator| CONFIGS = { artifacts: Gitlab.config.artifacts, - uploads: Gitlab.config.uploads, - lfs: Gitlab.config.lfs + lfs: Gitlab.config.lfs, + uploads: Gitlab.config.uploads }.freeze CONFIGS.each do |uploader_type, uploader| diff --git a/config/initializers/elastic_client_setup.rb b/config/initializers/elastic_client_setup.rb index 21745bd81d8..5b8d81265ad 100644 --- a/config/initializers/elastic_client_setup.rb +++ b/config/initializers/elastic_client_setup.rb @@ -13,6 +13,7 @@ Gitlab.ee do Elasticsearch::Model::Adapter::Multiple::Records.prepend GemExtensions::Elasticsearch::Model::Adapter::Multiple::Records Elasticsearch::Model::Indexing::InstanceMethods.prepend GemExtensions::Elasticsearch::Model::Indexing::InstanceMethods Elasticsearch::Model::Adapter::ActiveRecord::Importing.prepend GemExtensions::Elasticsearch::Model::Adapter::ActiveRecord::Importing + Elasticsearch::Model::Adapter::ActiveRecord::Records.prepend GemExtensions::Elasticsearch::Model::Adapter::ActiveRecord::Records Elasticsearch::Model::Client::InstanceMethods.prepend GemExtensions::Elasticsearch::Model::Client Elasticsearch::Model::Client::ClassMethods.prepend GemExtensions::Elasticsearch::Model::Client Elasticsearch::Model::ClassMethods.prepend GemExtensions::Elasticsearch::Model::Client diff --git a/config/initializers/lograge.rb b/config/initializers/lograge.rb index 42c97e4aebd..e3601a9538e 100644 --- a/config/initializers/lograge.rb +++ b/config/initializers/lograge.rb @@ -5,7 +5,7 @@ unless Gitlab::Runtime.sidekiq? Rails.application.configure do config.lograge.enabled = true # Store the lograge JSON files in a separate file - config.lograge.keep_original_rails_log = true + config.lograge.keep_original_rails_log = Gitlab::Utils.to_boolean(ENV.fetch('UNSTRUCTURED_RAILS_LOG', 'true')) # Don't use the Logstash formatter since this requires logstash-event, an # unmaintained gem that monkey patches `Time` config.lograge.formatter = Lograge::Formatters::Json.new diff --git a/config/initializers/peek.rb b/config/initializers/peek.rb index deac938c80b..fa74d8620f4 100644 --- a/config/initializers/peek.rb +++ b/config/initializers/peek.rb @@ -14,3 +14,9 @@ Peek.into Peek::Views::Rugged Peek.into Peek::Views::BulletDetailed if defined?(Bullet) Peek.into Peek::Views::Tracing if Labkit::Tracing.tracing_url_enabled? + +ActiveSupport::Notifications.subscribe('endpoint_run.grape') do |_name, _start, _finish, _id, payload| + if request_id = payload[:env]['action_dispatch.request_id'] + Peek.adapter.save(request_id) + end +end diff --git a/config/initializers/postgres_partitioning.rb b/config/initializers/postgres_partitioning.rb index 6c8a72d9bd5..b3f12c2ceb1 100644 --- a/config/initializers/postgres_partitioning.rb +++ b/config/initializers/postgres_partitioning.rb @@ -3,8 +3,10 @@ # Make sure we have loaded partitioned models here # (even with eager loading disabled). +Gitlab::Database::Partitioning::PartitionCreator.register(AuditEventPartitioned) + begin - Gitlab::Database::Partitioning::PartitionCreator.new.create_partitions + Gitlab::Database::Partitioning::PartitionCreator.new.create_partitions unless ENV['DISABLE_POSTGRES_PARTITION_CREATION_ON_STARTUP'] rescue ActiveRecord::ActiveRecordError, PG::Error # ignore - happens when Rake tasks yet have to create a database, e.g. for testing end diff --git a/config/initializers/rails_host_authorization.rb b/config/initializers/rails_host_authorization.rb index 6cca39ea95b..7d719dd519f 100644 --- a/config/initializers/rails_host_authorization.rb +++ b/config/initializers/rails_host_authorization.rb @@ -3,7 +3,7 @@ # This file requires config/initializers/1_settings.rb if Rails.env.development? - Rails.application.config.hosts += [Gitlab.config.gitlab.host, 'unix'] + Rails.application.config.hosts += [Gitlab.config.gitlab.host, 'unix', 'host.docker.internal'] if ENV['RAILS_HOSTS'] additional_hosts = ENV['RAILS_HOSTS'].split(',').select(&:presence) diff --git a/config/initializers/sidekiq_cluster.rb b/config/initializers/sidekiq_cluster.rb index 4ff8dd9b936..2f9c1de47eb 100644 --- a/config/initializers/sidekiq_cluster.rb +++ b/config/initializers/sidekiq_cluster.rb @@ -14,10 +14,10 @@ if ENV['ENABLE_SIDEKIQ_CLUSTER'] if Process.ppid != parent Process.kill(:TERM, Process.pid) - # Wait for just a few extra seconds for a final attempt to - # gracefully terminate. Considering the parent (cluster) process - # have changed (SIGKILL'd), it shouldn't take long to shutdown. - sleep(5) + # Allow sidekiq to cleanly terminate and push any running jobs back + # into the queue. We use the configured timeout and add a small + # grace period + sleep(Sidekiq.options[:timeout] + 5) # Signaling the Sidekiq Pgroup as KILL is not forwarded to # a possible child process. In Sidekiq Cluster, all child Sidekiq diff --git a/config/initializers/stackprof.rb b/config/initializers/stackprof.rb index 5497ff9a459..797efdb9bbd 100644 --- a/config/initializers/stackprof.rb +++ b/config/initializers/stackprof.rb @@ -8,94 +8,122 @@ # * timeout profile after 30 seconds # * write to $TMPDIR/stackprof.$PID.$RAND.profile -if Gitlab::Utils.to_boolean(ENV['STACKPROF_ENABLED'].to_s) - Gitlab::Cluster::LifecycleEvents.on_worker_start do - require 'stackprof' - require 'tmpdir' +module Gitlab + class StackProf + # this is a workaround for sidekiq, which defines its own SIGUSR2 handler. + # by defering to the sidekiq startup event, we get to set up our own + # handler late enough. + # see also: https://github.com/mperham/sidekiq/pull/4653 + def self.install + require 'stackprof' + require 'tmpdir' + + if Gitlab::Runtime.sidekiq? + Sidekiq.configure_server do |config| + config.on :startup do + on_worker_start + end + end + else + Gitlab::Cluster::LifecycleEvents.on_worker_start do + on_worker_start + end + end + end - Gitlab::AppJsonLogger.info "stackprof: listening on SIGUSR2 signal" + def self.on_worker_start + Gitlab::AppJsonLogger.info( + event: "stackprof", + message: "listening on SIGUSR2 signal", + pid: Process.pid + ) - # create a pipe in order to propagate signal out of the signal handler - # see also: https://cr.yp.to/docs/selfpipe.html - read, write = IO.pipe + # create a pipe in order to propagate signal out of the signal handler + # see also: https://cr.yp.to/docs/selfpipe.html + read, write = IO.pipe - # create a separate thread that polls for signals on the pipe. - # - # this way we do not execute in signal handler context, which - # lifts restrictions and also serializes the calls in a thread-safe - # manner. - # - # it's very similar to a goroutine and channel design. - # - # another nice benefit of this method is that we can timeout the - # IO.select call, allowing the profile to automatically stop after - # a given interval (by default 30 seconds), avoiding unbounded memory - # growth from a profile that was started and never stopped. - t = Thread.new do - timeout_s = ENV['STACKPROF_TIMEOUT_S']&.to_i || 30 - current_timeout_s = nil - loop do - got_value = IO.select([read], nil, nil, current_timeout_s) - read.getbyte if got_value + # create a separate thread that polls for signals on the pipe. + # + # this way we do not execute in signal handler context, which + # lifts restrictions and also serializes the calls in a thread-safe + # manner. + # + # it's very similar to a goroutine and channel design. + # + # another nice benefit of this method is that we can timeout the + # IO.select call, allowing the profile to automatically stop after + # a given interval (by default 30 seconds), avoiding unbounded memory + # growth from a profile that was started and never stopped. + t = Thread.new do + timeout_s = ENV['STACKPROF_TIMEOUT_S']&.to_i || 30 + current_timeout_s = nil + loop do + got_value = IO.select([read], nil, nil, current_timeout_s) + read.getbyte if got_value - if StackProf.running? - stackprof_file_prefix = ENV['STACKPROF_FILE_PREFIX'] || Dir.tmpdir - stackprof_out_file = "#{stackprof_file_prefix}/stackprof.#{Process.pid}.#{SecureRandom.hex(6)}.profile" + if ::StackProf.running? + stackprof_file_prefix = ENV['STACKPROF_FILE_PREFIX'] || Dir.tmpdir + stackprof_out_file = "#{stackprof_file_prefix}/stackprof.#{Process.pid}.#{SecureRandom.hex(6)}.profile" - Gitlab::AppJsonLogger.info( - event: "stackprof", - message: "stopping profile", - output_filename: stackprof_out_file, - pid: Process.pid, - timeout_s: timeout_s, - timed_out: got_value.nil? - ) + Gitlab::AppJsonLogger.info( + event: "stackprof", + message: "stopping profile", + output_filename: stackprof_out_file, + pid: Process.pid, + timeout_s: timeout_s, + timed_out: got_value.nil? + ) - StackProf.stop - StackProf.results(stackprof_out_file) - current_timeout_s = nil - else - Gitlab::AppJsonLogger.info( - event: "stackprof", - message: "starting profile", - pid: Process.pid - ) + ::StackProf.stop + ::StackProf.results(stackprof_out_file) + current_timeout_s = nil + else + Gitlab::AppJsonLogger.info( + event: "stackprof", + message: "starting profile", + pid: Process.pid + ) - StackProf.start( - mode: :cpu, - raw: Gitlab::Utils.to_boolean(ENV['STACKPROF_RAW'] || 'true'), - interval: ENV['STACKPROF_INTERVAL_US']&.to_i || 10_000 - ) - current_timeout_s = timeout_s + ::StackProf.start( + mode: :cpu, + raw: Gitlab::Utils.to_boolean(ENV['STACKPROF_RAW'] || 'true'), + interval: ENV['STACKPROF_INTERVAL_US']&.to_i || 10_000 + ) + current_timeout_s = timeout_s + end end end - end - t.abort_on_exception = true + t.abort_on_exception = true - # in the case of puma, this will override the existing SIGUSR2 signal handler - # that can be used to trigger a restart. - # - # puma cluster has two types of restarts: - # * SIGUSR1: phased restart - # * SIGUSR2: restart - # - # phased restart is not supported in our configuration, because we use - # preload_app. this means we will always perform a normal restart. - # additionally, phased restart is not supported when sending a SIGUSR2 - # directly to a puma worker (as opposed to the master process). - # - # the result is that the behaviour of SIGUSR1 and SIGUSR2 is identical in - # our configuration, and we can always use a SIGUSR1 to perform a restart. - # - # thus, it is acceptable for us to re-appropriate the SIGUSR2 signal, and - # override the puma behaviour. - # - # see also: - # * https://github.com/puma/puma/blob/master/docs/signals.md#puma-signals - # * https://github.com/phusion/unicorn/blob/master/SIGNALS - # * https://github.com/mperham/sidekiq/wiki/Signals - Signal.trap('SIGUSR2') do - write.write('.') + # in the case of puma, this will override the existing SIGUSR2 signal handler + # that can be used to trigger a restart. + # + # puma cluster has two types of restarts: + # * SIGUSR1: phased restart + # * SIGUSR2: restart + # + # phased restart is not supported in our configuration, because we use + # preload_app. this means we will always perform a normal restart. + # additionally, phased restart is not supported when sending a SIGUSR2 + # directly to a puma worker (as opposed to the master process). + # + # the result is that the behaviour of SIGUSR1 and SIGUSR2 is identical in + # our configuration, and we can always use a SIGUSR1 to perform a restart. + # + # thus, it is acceptable for us to re-appropriate the SIGUSR2 signal, and + # override the puma behaviour. + # + # see also: + # * https://github.com/puma/puma/blob/master/docs/signals.md#puma-signals + # * https://github.com/phusion/unicorn/blob/master/SIGNALS + # * https://github.com/mperham/sidekiq/wiki/Signals + Signal.trap('SIGUSR2') do + write.write('.') + end end end end + +if Gitlab::Utils.to_boolean(ENV['STACKPROF_ENABLED'].to_s) + Gitlab::StackProf.install +end diff --git a/config/initializers/time_zone.rb b/config/initializers/time_zone.rb index ee246e67d66..bca7411ad63 100644 --- a/config/initializers/time_zone.rb +++ b/config/initializers/time_zone.rb @@ -1 +1,8 @@ Time.zone = Gitlab.config.gitlab.time_zone || Time.zone +# The default is normally set by Rails in the +# active_support.initialize_time_zone Railtie, but we need to set it +# here because the config settings aren't available until after that +# runs. We set the default to ensure multi-threaded servers have the +# right value. +Time.zone_default = Time.zone +Rails.application.config.time_zone = Time.zone diff --git a/config/initializers/validate_puma.rb b/config/initializers/validate_puma.rb index 5abcfbfe6be..ac5678c4b5a 100644 --- a/config/initializers/validate_puma.rb +++ b/config/initializers/validate_puma.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true -if Gitlab::Runtime.puma? && ::Puma.cli_config.options[:workers].to_i.zero? +if Gitlab::Runtime.puma? && ::Puma.cli_config.options[:workers].to_i == 0 raise 'Puma is only supported in Cluster-mode: workers > 0' end diff --git a/config/initializers/zz_metrics.rb b/config/initializers/zz_metrics.rb index 7e675e478cf..8e31e4f9282 100644 --- a/config/initializers/zz_metrics.rb +++ b/config/initializers/zz_metrics.rb @@ -147,7 +147,6 @@ if Gitlab::Metrics.enabled? && !Rails.env.test? && !(Rails.env.development? && d Gitlab::Application.configure do |config| config.middleware.use(Gitlab::Metrics::RackMiddleware) config.middleware.use(Gitlab::Middleware::RailsQueueDuration) - config.middleware.use(Gitlab::Metrics::RedisRackMiddleware) config.middleware.use(Gitlab::Metrics::ElasticsearchRackMiddleware) end @@ -199,7 +198,7 @@ if Gitlab::Metrics.enabled? && !Rails.env.test? && !(Rails.env.development? && d val = super if current_transaction = ::Gitlab::Metrics::Transaction.current - current_transaction.increment(:new_redis_connections, 1) + current_transaction.increment(:gitlab_transaction_new_redis_connections_total, 1) end val diff --git a/config/initializers_before_autoloader/000_inflections.rb b/config/initializers_before_autoloader/000_inflections.rb index 5c1a3e87fba..938f9ca9028 100644 --- a/config/initializers_before_autoloader/000_inflections.rb +++ b/config/initializers_before_autoloader/000_inflections.rb @@ -25,6 +25,7 @@ ActiveSupport::Inflector.inflections do |inflect| project_registry project_statistics system_note_metadata + terraform_state_registry vulnerabilities_feedback vulnerability_feedback ) diff --git a/config/object_store_settings.rb b/config/object_store_settings.rb index d8e1939a346..0d346135463 100644 --- a/config/object_store_settings.rb +++ b/config/object_store_settings.rb @@ -13,6 +13,7 @@ class ObjectStoreSettings object_store['direct_upload'] = false if object_store['direct_upload'].nil? object_store['background_upload'] = true if object_store['background_upload'].nil? object_store['proxy_download'] = false if object_store['proxy_download'].nil? + object_store['storage_options'] ||= {} # Convert upload connection settings to use string keys, to make Fog happy object_store['connection']&.deep_stringify_keys! @@ -37,6 +38,8 @@ class ObjectStoreSettings # region: gdk # endpoint: 'http://127.0.0.1:9000' # path_style: true + # storage_options: + # server_side_encryption: AES256 # proxy_download: true # objects: # artifacts: @@ -49,7 +52,7 @@ class ObjectStoreSettings # # Settings.artifacts['object_store'] = { # "enabled" => true, - # "connection"=> { + # "connection" => { # "provider" => "AWS", # "aws_access_key_id" => "minio", # "aws_secret_access_key" => "gdk-minio", @@ -57,6 +60,9 @@ class ObjectStoreSettings # "endpoint" => "http://127.0.0.1:9000", # "path_style" => true # }, + # "storage_options" => { + # "server_side_encryption" => "AES256" + # }, # "direct_upload" => true, # "background_upload" => false, # "proxy_download" => false, @@ -73,6 +79,9 @@ class ObjectStoreSettings # "endpoint" => "http://127.0.0.1:9000", # "path_style" => true # }, + # "storage_options" => { + # "server_side_encryption" => "AES256" + # }, # "direct_upload" => true, # "background_upload" => false, # "proxy_download" => true, @@ -91,12 +100,13 @@ class ObjectStoreSettings return unless use_consolidated_settings? main_config = settings['object_store'] - common_config = main_config.slice('enabled', 'connection', 'proxy_download') + common_config = main_config.slice('enabled', 'connection', 'proxy_download', 'storage_options') # Convert connection settings to use string keys, to make Fog happy common_config['connection']&.deep_stringify_keys! # These are no longer configurable if common config is used common_config['direct_upload'] = true common_config['background_upload'] = false + common_config['storage_options'] ||= {} SUPPORTED_TYPES.each do |store_type| overrides = main_config.dig('objects', store_type) || {} diff --git a/config/plugins/monaco_webpack.js b/config/plugins/monaco_webpack.js index 7d283782453..698d1b9b1fa 100644 --- a/config/plugins/monaco_webpack.js +++ b/config/plugins/monaco_webpack.js @@ -8,10 +8,10 @@ const { languagesArr } = require('monaco-editor-webpack-plugin/out/languages'); const yamlLang = languagesArr.find(t => t.label === 'yaml'); -yamlLang.entry = [yamlLang.entry, '../../monaco-yaml/esm/monaco.contribution']; +yamlLang.entry = [yamlLang.entry, '../../monaco-yaml/lib/esm/monaco.contribution']; yamlLang.worker = { id: 'vs/language/yaml/yamlWorker', - entry: '../../monaco-yaml/esm/yaml.worker.js', + entry: '../../monaco-yaml/lib/esm/yaml.worker.js', }; module.exports = require('monaco-editor-webpack-plugin'); diff --git a/config/prometheus/cluster_metrics.yml b/config/prometheus/cluster_metrics.yml index 1e396f4bbbd..a76a162820a 100644 --- a/config/prometheus/cluster_metrics.yml +++ b/config/prometheus/cluster_metrics.yml @@ -2,12 +2,10 @@ dashboard: 'Cluster health' priority: 1 panel_groups: - group: Cluster Health - priority: 10 panels: - title: "CPU Usage" type: "area-chart" y_label: "CPU (cores)" - weight: 1 metrics: - id: cluster_health_cpu_usage query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{id="/"}[15m])) by (job)) without (job)' @@ -24,7 +22,6 @@ panel_groups: - title: "Memory Usage" type: "area-chart" y_label: "Memory (GiB)" - weight: 1 metrics: - id: cluster_health_memory_usage query_range: 'avg(sum(container_memory_usage_bytes{id="/"}) by (job)) without (job) / 2^30' diff --git a/config/prometheus/common_metrics.yml b/config/prometheus/common_metrics.yml index d9aaff12a4d..67994740ff1 100644 --- a/config/prometheus/common_metrics.yml +++ b/config/prometheus/common_metrics.yml @@ -2,12 +2,10 @@ dashboard: 'Environment metrics' priority: 1 panel_groups: - group: System metrics (Kubernetes) - priority: 15 panels: - title: "Memory Usage (Total)" type: "area-chart" y_label: "Total Memory Used (GB)" - weight: 4 metrics: - id: system_metrics_kubernetes_container_memory_total # Remove the second metric (after OR) when we drop support for K8s 1.13 @@ -18,7 +16,6 @@ panel_groups: - title: "Core Usage (Total)" type: "area-chart" y_label: "Total Cores" - weight: 3 metrics: - id: system_metrics_kubernetes_container_cores_total # Remove the second metric (after OR) when we drop support for K8s 1.13 @@ -29,7 +26,6 @@ panel_groups: - title: "Memory Usage (Pod average)" type: "line-chart" y_label: "Memory Used per Pod (MB)" - weight: 2 metrics: - id: system_metrics_kubernetes_container_memory_average # Remove the second metric (after OR) when we drop support for K8s 1.13 @@ -40,7 +36,6 @@ panel_groups: - title: "Canary: Memory Usage (Pod Average)" type: "line-chart" y_label: "Memory Used per Pod (MB)" - weight: 2 metrics: - id: system_metrics_kubernetes_container_memory_average_canary # Remove the second metric (after OR) when we drop support for K8s 1.13 @@ -52,7 +47,6 @@ panel_groups: - title: "Core Usage (Pod Average)" type: "line-chart" y_label: "Cores per Pod" - weight: 1 metrics: - id: system_metrics_kubernetes_container_core_usage # Remove the second metric (after OR) when we drop support for K8s 1.13 @@ -63,7 +57,6 @@ panel_groups: - title: "Canary: Core Usage (Pod Average)" type: "line-chart" y_label: "Cores per Pod" - weight: 1 metrics: - id: system_metrics_kubernetes_container_core_usage_canary # Remove the second metric (after OR) when we drop support for K8s 1.13 @@ -75,7 +68,6 @@ panel_groups: - title: "Knative function invocations" type: "area-chart" y_label: "Invocations" - weight: 1 metrics: - id: system_metrics_knative_function_invocation_count query_range: 'sum(ceil(rate(istio_requests_total{destination_service_namespace="{{kube_namespace}}", destination_service=~"{{function_name}}.*"}[1m])*60))' @@ -83,12 +75,10 @@ panel_groups: unit: requests # NGINX Ingress metrics for pre-0.16.0 versions - group: Response metrics (NGINX Ingress VTS) - priority: 10 panels: - title: "Throughput" type: "area-chart" y_label: "Requests / Sec" - weight: 1 metrics: - id: response_metrics_nginx_ingress_throughput_status_code query_range: 'sum(rate(nginx_upstream_responses_total{upstream=~"{{kube_namespace}}-{{ci_environment_slug}}-.*"}[2m])) by (status_code)' @@ -99,7 +89,6 @@ panel_groups: y_label: "Latency (ms)" y_axis: format: milliseconds - weight: 1 metrics: - id: response_metrics_nginx_ingress_latency_pod_average query_range: 'avg(nginx_upstream_response_msecs_avg{upstream=~"{{kube_namespace}}-{{ci_environment_slug}}-.*"})' @@ -110,7 +99,6 @@ panel_groups: y_label: "HTTP Errors (%)" y_axis: format: percentHundred - weight: 1 metrics: - id: response_metrics_nginx_ingress_http_error_rate query_range: 'sum(rate(nginx_upstream_responses_total{status_code="5xx", upstream=~"{{kube_namespace}}-{{ci_environment_slug}}-.*"}[2m])) / sum(rate(nginx_upstream_responses_total{upstream=~"{{kube_namespace}}-{{ci_environment_slug}}-.*"}[2m])) * 100' @@ -118,12 +106,10 @@ panel_groups: unit: "%" # NGINX Ingress metrics for post-0.16.0 versions - group: Response metrics (NGINX Ingress) - priority: 10 panels: - title: "Throughput" type: "area-chart" y_label: "Requests / Sec" - weight: 1 metrics: - id: response_metrics_nginx_ingress_16_throughput_status_code query_range: 'sum(label_replace(rate(nginx_ingress_controller_requests{namespace="{{kube_namespace}}",ingress=~".*{{ci_environment_slug}}.*"}[2m]), "status_code", "${1}xx", "status", "(.)..")) by (status_code)' @@ -132,7 +118,6 @@ panel_groups: - title: "Latency" type: "area-chart" y_label: "Latency (ms)" - weight: 1 metrics: - id: response_metrics_nginx_ingress_16_latency_pod_average query_range: 'sum(rate(nginx_ingress_controller_ingress_upstream_latency_seconds_sum{namespace="{{kube_namespace}}",ingress=~".*{{ci_environment_slug}}.*"}[2m])) / sum(rate(nginx_ingress_controller_ingress_upstream_latency_seconds_count{namespace="{{kube_namespace}}",ingress=~".*{{ci_environment_slug}}.*"}[2m])) * 1000' @@ -141,19 +126,16 @@ panel_groups: - title: "HTTP Error Rate" type: "area-chart" y_label: "HTTP Errors (%)" - weight: 1 metrics: - id: response_metrics_nginx_ingress_16_http_error_rate query_range: 'sum(rate(nginx_ingress_controller_requests{status=~"5.*",namespace="{{kube_namespace}}",ingress=~".*{{ci_environment_slug}}.*"}[2m])) / sum(rate(nginx_ingress_controller_requests{namespace="{{kube_namespace}}",ingress=~".*{{ci_environment_slug}}.*"}[2m])) * 100' label: 5xx Errors (%) unit: "%" - group: Response metrics (HA Proxy) - priority: 10 panels: - title: "Throughput" type: "area-chart" y_label: "Requests / Sec" - weight: 1 metrics: - id: response_metrics_ha_proxy_throughput_status_code query_range: 'sum(rate(haproxy_frontend_http_requests_total{ {{environment_filter}} }[2m])) by (code)' @@ -162,19 +144,16 @@ panel_groups: - title: "HTTP Error Rate" type: "area-chart" y_label: "Error Rate (%)" - weight: 1 metrics: - id: response_metrics_ha_proxy_http_error_rate query_range: 'sum(rate(haproxy_frontend_http_responses_total{code="5xx",{{environment_filter}} }[2m])) / sum(rate(haproxy_frontend_http_responses_total{ {{environment_filter}} }[2m]))' label: HTTP Errors (%) unit: "%" - group: Response metrics (AWS ELB) - priority: 10 panels: - title: "Throughput" type: "area-chart" y_label: "Requests / Sec" - weight: 1 metrics: - id: response_metrics_aws_elb_throughput_requests query_range: 'sum(aws_elb_request_count_sum{ {{environment_filter}} }) / 60' @@ -183,7 +162,6 @@ panel_groups: - title: "Latency" type: "area-chart" y_label: "Latency (ms)" - weight: 1 metrics: - id: response_metrics_aws_elb_latency_average query_range: 'avg(aws_elb_latency_average{ {{environment_filter}} }) * 1000' @@ -192,19 +170,16 @@ panel_groups: - title: "HTTP Error Rate" type: "area-chart" y_label: "Error Rate (%)" - weight: 1 metrics: - id: response_metrics_aws_elb_http_error_rate query_range: 'sum(aws_elb_httpcode_backend_5_xx_sum{ {{environment_filter}} }) / sum(aws_elb_request_count_sum{ {{environment_filter}} })' label: HTTP Errors (%) unit: "%" - group: Response metrics (NGINX) - priority: 10 panels: - title: "Throughput" type: "area-chart" y_label: "Requests / Sec" - weight: 1 metrics: - id: response_metrics_nginx_throughput_status_code query_range: 'sum(rate(nginx_server_requests{server_zone!="*", server_zone!="_", {{environment_filter}} }[2m])) by (code)' @@ -213,7 +188,6 @@ panel_groups: - title: "Latency" type: "area-chart" y_label: "Latency (ms)" - weight: 1 metrics: - id: response_metrics_nginx_latency query_range: 'avg(nginx_server_requestMsec{ {{environment_filter}} })' @@ -224,7 +198,6 @@ panel_groups: y_label: "HTTP 500 Errors / Sec" y_axis: precision: 0 - weight: 1 metrics: - id: response_metrics_nginx_http_error_rate query_range: 'sum(rate(nginx_server_requests{code="5xx", {{environment_filter}} }[2m]))' @@ -233,7 +206,6 @@ panel_groups: - title: "HTTP Error Rate" type: "area-chart" y_label: "HTTP Errors (%)" - weight: 1 metrics: - id: response_metrics_nginx_http_error_percentage query_range: 'sum(rate(nginx_server_requests{code=~"5.*", host="*", {{environment_filter}} }[2m])) / sum(rate(nginx_server_requests{code="total", host="*", {{environment_filter}} }[2m])) * 100' diff --git a/config/prometheus/pod_metrics.yml b/config/prometheus/pod_metrics.yml index 29575ec543e..b9395124405 100644 --- a/config/prometheus/pod_metrics.yml +++ b/config/prometheus/pod_metrics.yml @@ -1,59 +1,115 @@ -dashboard: 'Pod metrics' -priority: 10 +dashboard: 'K8s pod health' +priority: 2 + +templating: + variables: + pod: + label: 'Pod name' + type: metric_label_values + options: + series_selector: 'container_memory_working_set_bytes' + label: 'pod' + panel_groups: - group: CPU metrics panels: - title: "CPU usage" type: "line-chart" - y_label: "Cores per pod" + y_label: "Cores per container" metrics: - id: pod_cpu_usage_seconds_total - query_range: 'rate(container_cpu_usage_seconds_total{pod_name="{{pod_name}}",container_name="POD"}[5m])' + query_range: >- + sum( + rate(container_cpu_usage_seconds_total{pod="{{pod}}",container!="POD"}[5m]) + ) + by (container) unit: "cores" - label: pod_name + label: container + + - title: "CPU throttling" + type: "line-chart" + y_label: "Cores per container" + metrics: + - id: pod_cpu_cfs_throttle + query_range: >- + sum( + rate(container_cpu_cfs_throttled_seconds_total{pod="{{pod}}"}[5m]) + ) + by (container) + unit: "cores" + label: container + - group: Memory metrics panels: - title: "Memory usage working set" type: "line-chart" - y_label: "Working set memory (MiB)" + y_label: "Working set memory" metrics: - id: pod_memory_working_set - query_range: 'container_memory_working_set_bytes{pod_name="{{pod_name}}",container_name="POD"}/1024/1024' - unit: "MiB" - label: pod_name + query_range: >- + sum( + container_memory_working_set_bytes{pod="{{pod}}",container!="POD"} + ) by (container) + unit: "bytes" + label: container + - group: Network metrics panels: - title: "Network Receive (In)" type: "line-chart" - y_label: "Received (KiB/sec)" + y_label: "Received (bytes/sec)" metrics: - id: pod_network_receive - query_range: 'rate(container_network_receive_bytes_total{pod_name="{{pod_name}}",container_name="POD"}[5m])/1024' - unit: "KiB / sec" - label: pod_name + query_range: >- + sum( + rate( + container_network_receive_bytes_total{pod="{{pod}}"}[5m] + ) + ) by (pod) + unit: "bytes" + label: pod + - title: "Network Transmit (Out)" type: "line-chart" - y_label: "Transmitted (KiB/sec)" + y_label: "Transmitted (bytes/sec)" metrics: - id: pod_network_transmit - query_range: 'rate(container_network_transmit_bytes_total{pod_name="{{pod_name}}",container_name="POD"}[5m])/1024' - unit: "KiB / sec" - label: pod_name + query_range: >- + sum( + rate( + container_network_transmit_bytes_total{pod="{{pod}}"}[5m] + ) + ) by (pod) + unit: bytes + label: pod + - group: Disk metrics panels: - title: "Disk Reads" type: "line-chart" - y_label: "Disk reads (KiB/sec)" + y_label: "Disk reads (bytes/sec)" metrics: - id: pod_disk_reads - query_range: 'rate(container_fs_reads_bytes_total{container_name="POD",pod_name="{{pod_name}}"}[5m])/1024' - unit: "KiB / sec" - label: pod_name + query_range: >- + sum( + rate( + container_fs_reads_bytes_total{pod="{{pod}}", container!="POD"}[5m] + ) + ) by (container,device) + + unit: "bytes / sec" + label: "{{container}} {{device}}" + - title: "Disk Writes" type: "line-chart" - y_label: "Disk writes (KiB/sec)" + y_label: "Disk writes (bytes/sec)" metrics: - id: pod_disk_writes - query_range: 'rate(container_fs_writes_bytes_total{container_name="POD",pod_name="{{pod_name}}"}[5m])/1024' - unit: "KiB / sec" - label: pod_name + query_range: >- + sum( + rate( + container_fs_writes_bytes_total{pod="{{pod}}", container!="POD"}[5m] + ) + ) by (container,device) + unit: "bytes / sec" + label: "{{container}} {{device}}" diff --git a/config/prometheus/self_monitoring_default.yml b/config/prometheus/self_monitoring_default.yml index 50e6f4585e4..024733bf2f0 100644 --- a/config/prometheus/self_monitoring_default.yml +++ b/config/prometheus/self_monitoring_default.yml @@ -1,4 +1,4 @@ -dashboard: 'Default dashboard' +dashboard: 'Overview' priority: 1 templating: diff --git a/config/routes.rb b/config/routes.rb index 237298b3cb6..b1ab4ec6bab 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -179,6 +179,8 @@ Rails.application.routes.draw do # in case we decide to move away from doorkeeper-openid_connect get 'jwks' => 'doorkeeper/openid_connect/discovery#keys' + draw :snippets + # Product analytics collector match '/collector/i', to: ProductAnalytics::CollectorApp.new, via: :all end @@ -259,7 +261,6 @@ Rails.application.routes.draw do draw :api draw :sidekiq draw :help - draw :snippets draw :google_api draw :import draw :uploads @@ -270,11 +271,8 @@ Rails.application.routes.draw do draw :user draw :project - # Serve snippet routes under /-/snippets. - # To ensure an old unscoped routing is used for the UI we need to - # add prefix 'as' to the scope routing and place it below original routing. # Issue https://gitlab.com/gitlab-org/gitlab/-/issues/210024 - scope '-', as: :scoped do + scope as: 'deprecated' do draw :snippets end diff --git a/config/routes/group.rb b/config/routes/group.rb index 408c57eaa94..e07ed0fab05 100644 --- a/config/routes/group.rb +++ b/config/routes/group.rb @@ -5,23 +5,27 @@ constraints(::Constraints::GroupUrlConstrainer.new) do controller: :groups, constraints: { id: Gitlab::PathRegex.full_namespace_route_regex, format: /(html|json|atom|ics)/ }) do scope(path: '-') do - get :edit, as: :edit_group - get :issues, as: :issues_group_calendar, action: :issues_calendar, constraints: lambda { |req| req.format == :ics } - get :issues, as: :issues_group - get :merge_requests, as: :merge_requests_group - get :projects, as: :projects_group - get :details, as: :details_group - get :activity, as: :activity_group - put :transfer, as: :transfer_group - post :export, as: :export_group - get :download_export, as: :download_export_group + # These routes are legit and the cop rule will be improved in + # https://gitlab.com/gitlab-org/gitlab/-/issues/230703 + get :edit, as: :edit_group # rubocop:disable Cop/PutGroupRoutesUnderScope + get :issues, as: :issues_group_calendar, action: :issues_calendar, constraints: lambda { |req| req.format == :ics } # rubocop:disable Cop/PutGroupRoutesUnderScope + get :issues, as: :issues_group # rubocop:disable Cop/PutGroupRoutesUnderScope + get :merge_requests, as: :merge_requests_group # rubocop:disable Cop/PutGroupRoutesUnderScope + get :projects, as: :projects_group # rubocop:disable Cop/PutGroupRoutesUnderScope + get :details, as: :details_group # rubocop:disable Cop/PutGroupRoutesUnderScope + get :activity, as: :activity_group # rubocop:disable Cop/PutGroupRoutesUnderScope + put :transfer, as: :transfer_group # rubocop:disable Cop/PutGroupRoutesUnderScope + post :export, as: :export_group # rubocop:disable Cop/PutGroupRoutesUnderScope + get :download_export, as: :download_export_group # rubocop:disable Cop/PutGroupRoutesUnderScope # TODO: Remove as part of refactor in https://gitlab.com/gitlab-org/gitlab-foss/issues/49693 - get 'shared', action: :show, as: :group_shared - get 'archived', action: :show, as: :group_archived + get 'shared', action: :show, as: :group_shared # rubocop:disable Cop/PutGroupRoutesUnderScope + get 'archived', action: :show, as: :group_archived # rubocop:disable Cop/PutGroupRoutesUnderScope end - get '/', action: :show, as: :group_canonical + # These routes are legit and the cop rule will be improved in + # https://gitlab.com/gitlab-org/gitlab/-/issues/230703 + get '/', action: :show, as: :group_canonical # rubocop:disable Cop/PutGroupRoutesUnderScope end scope(path: 'groups/*group_id/-', @@ -55,6 +59,8 @@ constraints(::Constraints::GroupUrlConstrainer.new) do post :toggle_subscription, on: :member end + resources :packages, only: [:index] + resources :milestones, constraints: { id: %r{[^/]+} } do member do get :merge_requests @@ -63,6 +69,8 @@ constraints(::Constraints::GroupUrlConstrainer.new) do end end + resources :releases, only: [:index] + resources :deploy_tokens, constraints: { id: /\d+/ }, only: [] do member do put :revoke @@ -104,9 +112,11 @@ constraints(::Constraints::GroupUrlConstrainer.new) do as: :group, constraints: { id: Gitlab::PathRegex.full_namespace_route_regex, format: /(html|json|atom)/ }, controller: :groups) do - get '/', action: :show - patch '/', action: :update - put '/', action: :update - delete '/', action: :destroy + # These routes are legit and the cop rule will be improved in + # https://gitlab.com/gitlab-org/gitlab/-/issues/230703 + get '/', action: :show # rubocop:disable Cop/PutGroupRoutesUnderScope + patch '/', action: :update # rubocop:disable Cop/PutGroupRoutesUnderScope + put '/', action: :update # rubocop:disable Cop/PutGroupRoutesUnderScope + delete '/', action: :destroy # rubocop:disable Cop/PutGroupRoutesUnderScope end end diff --git a/config/routes/help.rb b/config/routes/help.rb index 2ea8bfd7aed..446310ba314 100644 --- a/config/routes/help.rb +++ b/config/routes/help.rb @@ -1,5 +1,4 @@ get 'help' => 'help#index' get 'help/shortcuts' => 'help#shortcuts' -get 'help/ui' => 'help#ui' get 'help/instance_configuration' => 'help#instance_configuration' get 'help/*path' => 'help#show', as: :help_page diff --git a/config/routes/import.rb b/config/routes/import.rb index 1dc27d489f0..0d3f202ba55 100644 --- a/config/routes/import.rb +++ b/config/routes/import.rb @@ -8,6 +8,8 @@ Devise.omniauth_providers.map(&:downcase).each do |provider| end namespace :import do + resources :available_namespaces, only: [:index], controller: :available_namespaces + resource :github, only: [:create, :new], controller: :github do post :personal_access_token get :status @@ -69,7 +71,7 @@ namespace :import do resource :manifest, only: [:create, :new], controller: :manifest do get :status - get :jobs + get :realtime_changes post :upload end diff --git a/config/routes/pipelines.rb b/config/routes/pipelines.rb index c7f9bf8791c..605e82af23a 100644 --- a/config/routes/pipelines.rb +++ b/config/routes/pipelines.rb @@ -19,7 +19,6 @@ resources :pipelines, only: [:index, :new, :create, :show, :destroy] do get :failures get :status get :test_report - get :test_reports_count end resources :stages, only: [], param: :name, controller: 'pipelines/stages' do diff --git a/config/routes/profile.rb b/config/routes/profile.rb index fcf8812ee2e..6126a3b593b 100644 --- a/config/routes/profile.rb +++ b/config/routes/profile.rb @@ -22,7 +22,7 @@ resource :profile, only: [:show, :update] do end resource :notifications, only: [:show, :update] do - resources :groups, only: :update + resources :groups, only: :update, constraints: { id: Gitlab::PathRegex.full_namespace_route_regex } end resource :password, only: [:new, :create, :edit, :update] do diff --git a/config/routes/project.rb b/config/routes/project.rb index 3bd72dbf87c..d02dc974434 100644 --- a/config/routes/project.rb +++ b/config/routes/project.rb @@ -25,11 +25,24 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do # Use this scope for all new project routes. scope '-' do get 'archive/*id', constraints: { format: Gitlab::PathRegex.archive_formats_regex, id: /.+?/ }, to: 'repositories#archive', as: 'archive' - get 'metrics(/:dashboard_path)', constraints: { dashboard_path: /.+\.yml/ }, + get 'metrics(/:dashboard_path)(/:page)', constraints: { dashboard_path: /.+\.yml/, page: 'panel/new' }, to: 'metrics_dashboard#show', as: :metrics_dashboard, format: false + namespace :metrics, module: :metrics do + namespace :dashboards do + post :builder, to: 'builder#panel_preview' + end + end + resources :artifacts, only: [:index, :destroy] + resources :packages, only: [:index, :show, :destroy], module: :packages + resources :package_files, only: [], module: :packages do + member do + get :download + end + end + resources :jobs, only: [:index, :show], constraints: { id: /\d+/ } do collection do resources :artifacts, only: [] do @@ -291,10 +304,22 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do get 'details', on: :member end + post 'incidents/integrations/pagerduty', to: 'incident_management/pager_duty_incidents#create' + + resources :incidents, only: [:index] + namespace :error_tracking do resources :projects, only: :index end + resources :product_analytics, only: [:index] do + collection do + get :setup + get :test + get :graphs + end + end + resources :error_tracking, only: [:index], controller: :error_tracking do collection do get ':issue_id/details', @@ -335,6 +360,13 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do namespace :import do resource :jira, only: [:show], controller: :jira end + + resources :snippets, concerns: :awardable, constraints: { id: /\d+/ } do + member do + get :raw + post :mark_as_spam + end + end end # End of the /-/ scope. @@ -344,18 +376,18 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do # # Service Desk # - get '/service_desk' => 'service_desk#show', as: :service_desk - put '/service_desk' => 'service_desk#update', as: :service_desk_refresh + get '/service_desk' => 'service_desk#show', as: :service_desk # rubocop:todo Cop/PutProjectRoutesUnderScope + put '/service_desk' => 'service_desk#update', as: :service_desk_refresh # rubocop:todo Cop/PutProjectRoutesUnderScope # # Templates # - get '/templates/:template_type/:key' => 'templates#show', + get '/templates/:template_type/:key' => 'templates#show', # rubocop:todo Cop/PutProjectRoutesUnderScope as: :template, defaults: { format: 'json' }, constraints: { key: %r{[^/]+}, template_type: %r{issue|merge_request}, format: 'json' } - get '/description_templates/names/:template_type', + get '/description_templates/names/:template_type', # rubocop:todo Cop/PutProjectRoutesUnderScope to: 'templates#names', as: :template_names, defaults: { format: 'json' }, @@ -364,61 +396,39 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do resource :pages, only: [:show, :update, :destroy] do # rubocop: disable Cop/PutProjectRoutesUnderScope resources :domains, except: :index, controller: 'pages_domains', constraints: { id: %r{[^/]+} } do # rubocop: disable Cop/PutProjectRoutesUnderScope member do - post :verify - post :retry_auto_ssl - delete :clean_certificate - end - end - end - - resources :snippets, concerns: :awardable, constraints: { id: /\d+/ } do # rubocop: disable Cop/PutProjectRoutesUnderScope - member do - get :raw - post :mark_as_spam - end - end - - # Serve snippet routes under /-/snippets. - # To ensure an old unscoped routing is used for the UI we need to - # add prefix 'as' to the scope routing and place it below original routing. - # Issue https://gitlab.com/gitlab-org/gitlab/-/issues/29572 - scope '-', as: :scoped do - resources :snippets, concerns: :awardable, constraints: { id: /\d+/ } do # rubocop: disable Cop/PutProjectRoutesUnderScope - member do - get :raw - post :mark_as_spam + post :verify # rubocop:todo Cop/PutProjectRoutesUnderScope + post :retry_auto_ssl # rubocop:todo Cop/PutProjectRoutesUnderScope + delete :clean_certificate # rubocop:todo Cop/PutProjectRoutesUnderScope end end end namespace :prometheus do resources :alerts, constraints: { id: /\d+/ }, only: [:index, :create, :show, :update, :destroy] do # rubocop: disable Cop/PutProjectRoutesUnderScope - post :notify, on: :collection + post :notify, on: :collection # rubocop:todo Cop/PutProjectRoutesUnderScope member do - get :metrics_dashboard + get :metrics_dashboard # rubocop:todo Cop/PutProjectRoutesUnderScope end end resources :metrics, constraints: { id: %r{[^\/]+} }, only: [:index, :new, :create, :edit, :update, :destroy] do # rubocop: disable Cop/PutProjectRoutesUnderScope - get :active_common, on: :collection - post :validate_query, on: :collection + get :active_common, on: :collection # rubocop:todo Cop/PutProjectRoutesUnderScope + post :validate_query, on: :collection # rubocop:todo Cop/PutProjectRoutesUnderScope end end - post 'alerts/notify', to: 'alerting/notifications#create' - - post 'incidents/pagerduty', to: 'incident_management/pager_duty_incidents#create' + post 'alerts/notify', to: 'alerting/notifications#create' # rubocop:todo Cop/PutProjectRoutesUnderScope draw :legacy_builds resources :hooks, only: [:index, :create, :edit, :update, :destroy], constraints: { id: /\d+/ } do # rubocop: disable Cop/PutProjectRoutesUnderScope member do - post :test + post :test # rubocop:todo Cop/PutProjectRoutesUnderScope end resources :hook_logs, only: [:show] do # rubocop: disable Cop/PutProjectRoutesUnderScope member do - post :retry + post :retry # rubocop:todo Cop/PutProjectRoutesUnderScope end end end @@ -435,7 +445,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do resources :tags, only: [:index, :destroy], # rubocop: disable Cop/PutProjectRoutesUnderScope constraints: { id: Gitlab::Regex.container_registry_tag_regex } do collection do - delete :bulk_destroy + delete :bulk_destroy # rubocop:todo Cop/PutProjectRoutesUnderScope end end end @@ -444,32 +454,32 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do resources :notes, only: [:create, :destroy, :update], concerns: :awardable, constraints: { id: /\d+/ } do # rubocop: disable Cop/PutProjectRoutesUnderScope member do - delete :delete_attachment - post :resolve - delete :resolve, action: :unresolve + delete :delete_attachment # rubocop:todo Cop/PutProjectRoutesUnderScope + post :resolve # rubocop:todo Cop/PutProjectRoutesUnderScope + delete :resolve, action: :unresolve # rubocop:todo Cop/PutProjectRoutesUnderScope end end - get 'noteable/:target_type/:target_id/notes' => 'notes#index', as: 'noteable_notes' + get 'noteable/:target_type/:target_id/notes' => 'notes#index', as: 'noteable_notes' # rubocop:todo Cop/PutProjectRoutesUnderScope resources :todos, only: [:create] # rubocop: disable Cop/PutProjectRoutesUnderScope resources :uploads, only: [:create] do # rubocop: disable Cop/PutProjectRoutesUnderScope collection do - get ":secret/:filename", action: :show, as: :show, constraints: { filename: %r{[^/]+} }, format: false, defaults: { format: nil } - post :authorize + get ":secret/:filename", action: :show, as: :show, constraints: { filename: %r{[^/]+} }, format: false, defaults: { format: nil } # rubocop:todo Cop/PutProjectRoutesUnderScope + post :authorize # rubocop:todo Cop/PutProjectRoutesUnderScope end end resources :runners, only: [:index, :edit, :update, :destroy, :show] do # rubocop: disable Cop/PutProjectRoutesUnderScope member do - post :resume - post :pause + post :resume # rubocop:todo Cop/PutProjectRoutesUnderScope + post :pause # rubocop:todo Cop/PutProjectRoutesUnderScope end collection do - post :toggle_shared_runners - post :toggle_group_runners + post :toggle_shared_runners # rubocop:todo Cop/PutProjectRoutesUnderScope + post :toggle_group_runners # rubocop:todo Cop/PutProjectRoutesUnderScope end end @@ -478,34 +488,42 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do collection do scope '*ref', constraints: { ref: Gitlab::PathRegex.git_reference_regex } do constraints format: /svg/ do - get :pipeline - get :coverage + get :pipeline # rubocop:todo Cop/PutProjectRoutesUnderScope + get :coverage # rubocop:todo Cop/PutProjectRoutesUnderScope end end end end scope :usage_ping, controller: :usage_ping do - post :web_ide_clientside_preview - post :web_ide_pipelines_count + post :web_ide_clientside_preview # rubocop:todo Cop/PutProjectRoutesUnderScope + post :web_ide_pipelines_count # rubocop:todo Cop/PutProjectRoutesUnderScope end resources :web_ide_terminals, path: :ide_terminals, only: [:create, :show], constraints: { id: /\d+/, format: :json } do # rubocop: disable Cop/PutProjectRoutesUnderScope member do - post :cancel - post :retry + post :cancel # rubocop:todo Cop/PutProjectRoutesUnderScope + post :retry # rubocop:todo Cop/PutProjectRoutesUnderScope end collection do - post :check_config + post :check_config # rubocop:todo Cop/PutProjectRoutesUnderScope end end # Deprecated unscoped routing. - # Issue https://gitlab.com/gitlab-org/gitlab/issues/118849 scope as: 'deprecated' do + # Issue https://gitlab.com/gitlab-org/gitlab/issues/118849 draw :pipelines draw :repository + + # Issue https://gitlab.com/gitlab-org/gitlab/-/issues/29572 + resources :snippets, concerns: :awardable, constraints: { id: /\d+/ } do # rubocop: disable Cop/PutProjectRoutesUnderScope + member do + get :raw # rubocop:todo Cop/PutProjectRoutesUnderScope + post :mark_as_spam # rubocop:todo Cop/PutProjectRoutesUnderScope + end + end end # All new routes should go under /-/ scope. diff --git a/config/routes/repository.rb b/config/routes/repository.rb index eec204f2870..43837f2ce34 100644 --- a/config/routes/repository.rb +++ b/config/routes/repository.rb @@ -17,6 +17,7 @@ resources :commit, only: [:show], constraints: { id: /\h{7,40}/ } do post :revert post :cherry_pick get :diff_for_path + get :diff_files get :merge_requests end end diff --git a/config/routes/snippets.rb b/config/routes/snippets.rb index 1ea9a6431d8..7bb82da4910 100644 --- a/config/routes/snippets.rb +++ b/config/routes/snippets.rb @@ -17,14 +17,11 @@ resources :snippets, concerns: :awardable do end end -# Use this /-/ scope for all new snippet routes. -scope path: '-' do - get '/snippets/:snippet_id/raw/:ref/*path', - to: 'snippets/blobs#raw', - as: :snippet_blob_raw, - format: false, - constraints: { snippet_id: /\d+/ } -end +get '/snippets/:snippet_id/raw/:ref/*path', + to: 'snippets/blobs#raw', + as: :snippet_blob_raw, + format: false, + constraints: { snippet_id: /\d+/ } get '/s/:username', to: redirect('users/%{username}/snippets'), constraints: { username: /[a-zA-Z.0-9_\-]+(?<!\.atom)/ } diff --git a/config/sidekiq_queues.yml b/config/sidekiq_queues.yml index 8dd60bcd65c..cda830de8f6 100644 --- a/config/sidekiq_queues.yml +++ b/config/sidekiq_queues.yml @@ -108,6 +108,8 @@ - 1 - - file_hook - 1 +- - flush_counter_increments + - 1 - - gcp_cluster - 1 - - geo @@ -176,6 +178,8 @@ - 1 - - pages_domain_verification - 1 +- - pages_update_configuration + - 1 - - personal_access_tokens - 1 - - phabricator_import_import_tasks diff --git a/config/webpack.config.js b/config/webpack.config.js index 8e51ce537c5..a5b5d0f987d 100644 --- a/config/webpack.config.js +++ b/config/webpack.config.js @@ -79,6 +79,7 @@ function generateEntries() { const manualEntries = { default: defaultEntries, sentry: './sentry/index.js', + chrome_84_icon_fix: './lib/chrome_84_icon_fix.js', }; return Object.assign(manualEntries, autoEntries); @@ -118,6 +119,15 @@ if (IS_EE) { }); } +if (!IS_PRODUCTION) { + const fixtureDir = IS_EE ? 'fixtures-ee' : 'fixtures'; + + Object.assign(alias, { + test_fixtures: path.join(ROOT_PATH, `tmp/tests/frontend/${fixtureDir}`), + test_helpers: path.join(ROOT_PATH, 'spec/frontend_integration/test_helpers'), + }); +} + let dll; if (VENDOR_DLL && !IS_PRODUCTION) { @@ -257,6 +267,8 @@ module.exports = { runtimeChunk: 'single', splitChunks: { maxInitialRequests: 20, + // In order to prevent firewalls tripping up: https://gitlab.com/gitlab-org/gitlab/-/issues/22648 + automaticNameDelimiter: '-', cacheGroups: { default: false, common: () => ({ @@ -268,7 +280,7 @@ module.exports = { monaco: { priority: 15, name: 'monaco', - chunks: 'initial', + chunks: 'all', test: /[\\/]node_modules[\\/]monaco-editor[\\/]/, minChunks: 2, reuseExistingChunk: true, diff --git a/config/webpack.vendor.config.js b/config/webpack.vendor.config.js index 548eca4200f..29c4c33314e 100644 --- a/config/webpack.vendor.config.js +++ b/config/webpack.vendor.config.js @@ -40,7 +40,7 @@ module.exports = { 'select2', 'moment-mini', 'aws-sdk', - 'sanitize-html', + 'dompurify', 'bootstrap/dist/js/bootstrap.js', 'sortablejs/modular/sortable.esm.js', 'popper.js', |