diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-19 12:35:24 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-19 12:35:24 +0300 |
commit | 1d20d43661f3e98bde2bb5dc163a45fd90f8ac88 (patch) | |
tree | 53feb6983348a364ed4f52a4108866bf4ff0a599 /config | |
parent | 2774ddc308f96f49a0f26871ff544681229f4eee (diff) |
Add latest changes from gitlab-org/gitlab@12-9-stable-ee
Diffstat (limited to 'config')
40 files changed, 470 insertions, 210 deletions
diff --git a/config/application.rb b/config/application.rb index be7d366c927..14e92bf5905 100644 --- a/config/application.rb +++ b/config/application.rb @@ -8,6 +8,7 @@ require 'active_record/railtie' require 'action_controller/railtie' require 'action_view/railtie' require 'action_mailer/railtie' +require 'action_cable/engine' require 'rails/test_unit/railtie' Bundler.require(*Rails.groups) @@ -258,7 +259,7 @@ module Gitlab # Full list of options: # https://api.rubyonrails.org/classes/ActiveSupport/Cache/RedisCacheStore.html#method-c-new caching_config_hash = Gitlab::Redis::Cache.params - caching_config_hash[:compress] = false + caching_config_hash[:compress] = Gitlab::Utils.to_boolean(ENV.fetch('ENABLE_REDIS_CACHE_COMPRESSION', '1')) caching_config_hash[:namespace] = Gitlab::Redis::Cache::CACHE_NAMESPACE caching_config_hash[:expires_in] = 2.weeks # Cache should not grow forever if Gitlab::Runtime.multi_threaded? @@ -285,6 +286,20 @@ module Gitlab g.factory_bot false end + # This empty initializer forces the :let_zeitwerk_take_over initializer to run before we load + # initializers in config/initializers. This is done because autoloading before Zeitwerk takes + # over is deprecated but our initializers do a lot of autoloading. + # See https://gitlab.com/gitlab-org/gitlab/issues/197346 for more details + initializer :move_initializers, before: :load_config_initializers, after: :let_zeitwerk_take_over do + end + + # We need this for initializers that need to be run before Zeitwerk is loaded + initializer :before_zeitwerk, before: :let_zeitwerk_take_over, after: :prepend_helpers_path do + Dir[Rails.root.join('config/initializers_before_autoloader/*.rb')].sort.each do |initializer| + load_config_initializer(initializer) + end + end + config.after_initialize do Rails.application.reload_routes! diff --git a/config/environments/development.rb b/config/environments/development.rb index dc804197fef..25d57467060 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -11,6 +11,9 @@ Rails.application.configure do config.consider_all_requests_local = true config.action_controller.perform_caching = false + # Show a warning when a large data set is loaded into memory + config.active_record.warn_on_records_fetched_greater_than = 1000 + # Print deprecation notices to the Rails logger config.active_support.deprecation = :log @@ -50,4 +53,16 @@ Rails.application.configure do # BetterErrors live shell (REPL) on every stack frame BetterErrors::Middleware.allow_ip!("127.0.0.1/0") + + # Reassign some performance related settings when we profile the app + if Gitlab::Utils.to_boolean(ENV['RAILS_PROFILE'].to_s) + warn "Hot-reloading is disabled as you are running with RAILS_PROFILE enabled" + config.cache_classes = true + config.eager_load = true + config.active_record.migration_error = false + config.active_record.verbose_query_logs = false + config.action_view.cache_template_loading = true + + config.middleware.delete BetterErrors::Middleware + end end diff --git a/config/environments/test.rb b/config/environments/test.rb index d8235c6220c..71cd5200415 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -1,7 +1,12 @@ +require 'gitlab/testing/request_blocker_middleware' +require 'gitlab/testing/request_inspector_middleware' +require 'gitlab/testing/clear_thread_memory_cache_middleware' + Rails.application.configure do # Make sure the middleware is inserted first in middleware chain config.middleware.insert_before(ActionDispatch::Static, Gitlab::Testing::RequestBlockerMiddleware) config.middleware.insert_before(ActionDispatch::Static, Gitlab::Testing::RequestInspectorMiddleware) + config.middleware.insert_before(ActionDispatch::Static, Gitlab::Testing::ClearThreadMemoryCacheMiddleware) # Settings specified here will take precedence over those in config/application.rb diff --git a/config/feature_categories.yml b/config/feature_categories.yml index 924bdb58682..7e3746baec5 100644 --- a/config/feature_categories.yml +++ b/config/feature_categories.yml @@ -25,8 +25,7 @@ - code_quality - code_review - collection -- compliance_controls -- compliance_frameworks +- compliance_management - container_network_security - container_registry - container_scanning @@ -37,7 +36,7 @@ - dependency_proxy - dependency_scanning - design_management -- devops_score +- devops_reports - digital_experience_management - disaster_recovery - dynamic_application_security_testing @@ -52,6 +51,7 @@ - gitaly - gitlab_handbook - gitter +- global_search - helm_chart_registry - importers - incident_management @@ -61,6 +61,8 @@ - interactive_application_security_testing - internationalization - issue_tracking +- jenkins_importer +- jira_importer - jupyter_notebooks - kanban_boards - kubernetes_management @@ -70,13 +72,14 @@ - load_testing - logging - malware_scanning -- merge_trains - metrics - omnibus_package - package_registry - pages +- pki_management +- planning_analytics - quality_management -- release_governance +- release_evidence - release_orchestration - requirements_management - responsible_disclosure @@ -86,7 +89,6 @@ - runner - runtime_application_self_protection - sdk -- search - secret_detection - secrets_management - serverless @@ -97,8 +99,6 @@ - static_site_editor - status_page - subgroups -- system_testing -- teams - templates - threat_detection - time_tracking @@ -113,4 +113,3 @@ - web_ide - web_performance - wiki -- workspaces diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index 20c75a6e255..81085d4641e 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -454,6 +454,11 @@ production: &base pseudonymizer_worker: cron: "0 * * * *" + # Elasticsearch bulk updater for incremental updates. + # NOTE: This will only take effect if elasticsearch is enabled. + elastic_index_bulk_cron_worker: + cron: "*/1 * * * *" + registry: # enabled: true # host: registry.example.com @@ -747,7 +752,9 @@ production: &base # Path to a file containing a CA certificate ca_file: '/etc/ssl/certs/CA.pem' - # Port where the client side certificate is requested by the webserver (NGINX/Apache) + # Host and port where the client side certificate is requested by the + # webserver (NGINX/Apache) + # client_certificate_required_host: smartcard.gitlab.example.com # client_certificate_required_port: 3444 # Browser session with smartcard sign-in is required for Git access @@ -1221,6 +1228,8 @@ test: gitaly: client_path: tmp/tests/gitaly token: secret + workhorse: + secret_file: tmp/gitlab_workhorse_test_secret backup: path: tmp/tests/backups pseudonymizer: diff --git a/config/initializers/0_eager_load_http_cookie.rb b/config/initializers/0_eager_load_http_cookie.rb new file mode 100644 index 00000000000..ed633fdb079 --- /dev/null +++ b/config/initializers/0_eager_load_http_cookie.rb @@ -0,0 +1,10 @@ +# frozen_string_literal: true + +# https://gitlab.com/gitlab-org/gitlab/issues/207937 +# http-cookie is not thread-safe while loading it the first time, see: +# https://github.com/sparklemotion/http-cookie/issues/6#issuecomment-543570876 +# If we're using it, we should eagerly load it. +# For now, we have an implicit dependency on it via: +# * http +# * rest-client +require 'http/cookie_jar/hash_store' if Gem.loaded_specs.key?('http-cookie') diff --git a/config/initializers/0_license.rb b/config/initializers/0_license.rb index 19c71c34904..e7b46a14630 100644 --- a/config/initializers/0_license.rb +++ b/config/initializers/0_license.rb @@ -1,19 +1,9 @@ # frozen_string_literal: true Gitlab.ee do - begin - public_key_file = File.read(Rails.root.join(".license_encryption_key.pub")) - public_key = OpenSSL::PKey::RSA.new(public_key_file) - Gitlab::License.encryption_key = public_key - rescue - warn "WARNING: No valid license encryption key provided." - end - - # Needed to run migration - if ActiveRecord::Base.connected? && ActiveRecord::Base.connection.table_exists?('licenses') - message = LicenseHelper.license_message(signed_in: true, is_admin: true, in_html: false) - if ::License.block_changes? && message.present? - warn "WARNING: #{message}" - end - end + public_key_file = File.read(Rails.root.join(".license_encryption_key.pub")) + public_key = OpenSSL::PKey::RSA.new(public_key_file) + Gitlab::License.encryption_key = public_key +rescue + warn "WARNING: No valid license encryption key provided." end diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index aa743416e99..8d88d1bcf7c 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -77,6 +77,7 @@ end Gitlab.ee do Settings['smartcard'] ||= Settingslogic.new({}) Settings.smartcard['enabled'] = false if Settings.smartcard['enabled'].nil? + Settings.smartcard['client_certificate_required_host'] = Settings.gitlab['host'] if Settings.smartcard['client_certificate_required_host'].nil? Settings.smartcard['client_certificate_required_port'] = 3444 if Settings.smartcard['client_certificate_required_port'].nil? Settings.smartcard['required_for_git_access'] = false if Settings.smartcard['required_for_git_access'].nil? Settings.smartcard['san_extensions'] = false if Settings.smartcard['san_extensions'].nil? @@ -179,6 +180,8 @@ Settings.gitlab['email_smime'] = SmimeSignatureSettings.parse(Settings.gitlab['e Settings.gitlab['base_url'] ||= Settings.__send__(:build_base_gitlab_url) Settings.gitlab['url'] ||= Settings.__send__(:build_gitlab_url) Settings.gitlab['user'] ||= 'git' +# External configuration may cause the ssh user to differ from the GitLab user +Settings.gitlab['ssh_user'] ||= Settings.gitlab.user Settings.gitlab['user_home'] ||= begin Etc.getpwnam(Settings.gitlab['user']).dir rescue ArgumentError # no user configured @@ -245,6 +248,12 @@ Settings['incoming_email'] ||= Settingslogic.new({}) Settings.incoming_email['enabled'] = false if Settings.incoming_email['enabled'].nil? # +# Service desk email +# +Settings['service_desk_email'] ||= Settingslogic.new({}) +Settings.service_desk_email['enabled'] = false if Settings.service_desk_email['enabled'].nil? + +# # Build Artifacts # Settings['artifacts'] ||= Settingslogic.new({}) @@ -445,8 +454,11 @@ Settings.cron_jobs['remove_unreferenced_lfs_objects_worker']['job_class'] = 'Rem Settings.cron_jobs['stuck_import_jobs_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['stuck_import_jobs_worker']['cron'] ||= '15 * * * *' Settings.cron_jobs['stuck_import_jobs_worker']['job_class'] = 'StuckImportJobsWorker' +Settings.cron_jobs['stuck_export_jobs_worker'] ||= Settingslogic.new({}) +Settings.cron_jobs['stuck_export_jobs_worker']['cron'] ||= '30 * * * *' +Settings.cron_jobs['stuck_export_jobs_worker']['job_class'] = 'StuckExportJobsWorker' Settings.cron_jobs['gitlab_usage_ping_worker'] ||= Settingslogic.new({}) -Settings.cron_jobs['gitlab_usage_ping_worker']['cron'] ||= Settings.__send__(:cron_for_usage_ping) +Settings.cron_jobs['gitlab_usage_ping_worker']['cron'] ||= nil # This is dynamically loaded in the sidekiq initializer Settings.cron_jobs['gitlab_usage_ping_worker']['job_class'] = 'GitlabUsagePingWorker' Settings.cron_jobs['stuck_merge_jobs_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['stuck_merge_jobs_worker']['cron'] ||= '0 */2 * * *' @@ -531,6 +543,12 @@ Gitlab.ee do Settings.cron_jobs['update_max_seats_used_for_gitlab_com_subscriptions_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['update_max_seats_used_for_gitlab_com_subscriptions_worker']['cron'] ||= '0 12 * * *' Settings.cron_jobs['update_max_seats_used_for_gitlab_com_subscriptions_worker']['job_class'] = 'UpdateMaxSeatsUsedForGitlabComSubscriptionsWorker' + Settings.cron_jobs['elastic_index_bulk_cron_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['elastic_index_bulk_cron_worker']['cron'] ||= '*/1 * * * *' + Settings.cron_jobs['elastic_index_bulk_cron_worker']['job_class'] ||= 'ElasticIndexBulkCronWorker' + Settings.cron_jobs['sync_seat_link_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['sync_seat_link_worker']['cron'] ||= "#{rand(60)} 0 * * *" + Settings.cron_jobs['sync_seat_link_worker']['job_class'] = 'SyncSeatLinkWorker' end # @@ -551,7 +569,7 @@ Settings.gitlab_shell['receive_pack'] = true if Settings.gitlab_shell['receive Settings.gitlab_shell['upload_pack'] = true if Settings.gitlab_shell['upload_pack'].nil? Settings.gitlab_shell['ssh_host'] ||= Settings.gitlab.ssh_host Settings.gitlab_shell['ssh_port'] ||= 22 -Settings.gitlab_shell['ssh_user'] ||= Settings.gitlab.user +Settings.gitlab_shell['ssh_user'] = Settings.gitlab.ssh_user Settings.gitlab_shell['owner_group'] ||= Settings.gitlab.user Settings.gitlab_shell['ssh_path_prefix'] ||= Settings.__send__(:build_gitlab_shell_ssh_path_prefix) Settings.gitlab_shell['git_timeout'] ||= 10800 diff --git a/config/initializers/5_backend.rb b/config/initializers/5_backend.rb index 482613dacc9..46854af9b55 100644 --- a/config/initializers/5_backend.rb +++ b/config/initializers/5_backend.rb @@ -1,6 +1,6 @@ unless Rails.env.test? required_version = Gitlab::VersionInfo.parse(Gitlab::Shell.version_required) - current_version = Gitlab::VersionInfo.parse(Gitlab::Shell.new.version) + current_version = Gitlab::VersionInfo.parse(Gitlab::Shell.version) unless current_version.valid? && required_version <= current_version warn "WARNING: This version of GitLab depends on gitlab-shell #{required_version}, but you're running #{current_version}. Please update gitlab-shell." diff --git a/config/initializers/8_devise.rb b/config/initializers/8_devise.rb index 6ed56598e15..3daddb10b29 100644 --- a/config/initializers/8_devise.rb +++ b/config/initializers/8_devise.rb @@ -226,9 +226,9 @@ Devise.setup do |config| manager.failure_app = Gitlab::DeviseFailure end - if Gitlab::Auth::LDAP::Config.enabled? - Gitlab::Auth::LDAP::Config.providers.each do |provider| - ldap_config = Gitlab::Auth::LDAP::Config.new(provider) + if Gitlab::Auth::Ldap::Config.enabled? + Gitlab::Auth::Ldap::Config.providers.each do |provider| + ldap_config = Gitlab::Auth::Ldap::Config.new(provider) config.omniauth(provider, ldap_config.omniauth_options) end end diff --git a/config/initializers/9_fast_gettext.rb b/config/initializers/9_fast_gettext.rb index fd0167aa476..f836e6e971d 100644 --- a/config/initializers/9_fast_gettext.rb +++ b/config/initializers/9_fast_gettext.rb @@ -1,9 +1,2 @@ -FastGettext.add_text_domain 'gitlab', - path: File.join(Rails.root, 'locale'), - type: :po, - ignore_fuzzy: true -FastGettext.default_text_domain = 'gitlab' FastGettext.default_available_locales = Gitlab::I18n.available_locales -FastGettext.default_locale = :en - I18n.available_locales = Gitlab::I18n.available_locales diff --git a/config/initializers/actioncable.rb b/config/initializers/actioncable.rb new file mode 100644 index 00000000000..ed96f965150 --- /dev/null +++ b/config/initializers/actioncable.rb @@ -0,0 +1,8 @@ +# frozen_string_literal: true + +Rails.application.configure do + # Prevents the default engine from being mounted because + # we're running ActionCable as a standalone server + config.action_cable.mount_path = nil + config.action_cable.url = Gitlab::Utils.append_path(Gitlab.config.gitlab.relative_url_root, '/-/cable') +end diff --git a/config/initializers/active_record_force_reconnects.rb b/config/initializers/active_record_force_reconnects.rb new file mode 100644 index 00000000000..73dfaf5e121 --- /dev/null +++ b/config/initializers/active_record_force_reconnects.rb @@ -0,0 +1,7 @@ +# frozen_string_literal: true + +Gitlab::Database::ConnectionTimer.configure do |config| + config.interval = Rails.application.config_for(:database)[:force_reconnect_interval] +end + +ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.prepend(Gitlab::Database::PostgresqlAdapter::ForceDisconnectableMixin) diff --git a/config/initializers/active_record_lifecycle.rb b/config/initializers/active_record_lifecycle.rb index 2cf0f0439a9..493d328b93e 100644 --- a/config/initializers/active_record_lifecycle.rb +++ b/config/initializers/active_record_lifecycle.rb @@ -14,6 +14,8 @@ end if defined?(ActiveRecord::Base) Gitlab::Cluster::LifecycleEvents.on_before_fork do + raise 'ActiveRecord connection not established. Unable to start.' unless Gitlab::Database.exists? + # the following is highly recommended for Rails + "preload_app true" # as there's no need for the master process to hold a connection ActiveRecord::Base.connection.disconnect! diff --git a/config/initializers/console_message.rb b/config/initializers/console_message.rb index 7272583f262..523a3898043 100644 --- a/config/initializers/console_message.rb +++ b/config/initializers/console_message.rb @@ -5,7 +5,7 @@ if Gitlab::Runtime.console? puts '-' * 80 puts " GitLab:".ljust(justify) + "#{Gitlab::VERSION} (#{Gitlab.revision}) #{Gitlab.ee? ? 'EE' : 'FOSS'}" - puts " GitLab Shell:".ljust(justify) + "#{Gitlab::VersionInfo.parse(Gitlab::Shell.new.version)}" + puts " GitLab Shell:".ljust(justify) + "#{Gitlab::VersionInfo.parse(Gitlab::Shell.version)}" if Gitlab::Database.exists? puts " #{Gitlab::Database.human_adapter_name}:".ljust(justify) + Gitlab::Database.version diff --git a/config/initializers/graphql.rb b/config/initializers/graphql.rb index 44a9644f481..f1bc289f1f0 100644 --- a/config/initializers/graphql.rb +++ b/config/initializers/graphql.rb @@ -5,9 +5,3 @@ GraphQL::Field.accepts_definitions(authorize: GraphQL::Define.assign_metadata_ke GraphQL::Schema::Object.accepts_definition(:authorize) GraphQL::Schema::Field.accepts_definition(:authorize) - -Gitlab::Application.config.after_initialize do - GitlabSchema.middleware << GraphQL::Schema::TimeoutMiddleware.new(max_seconds: Gitlab.config.gitlab.graphql_timeout) do |timeout_error, query| - Gitlab::GraphqlLogger.error(message: timeout_error.to_s, query: query.query_string, query_variables: query.provided_variables) - end -end diff --git a/config/initializers/lograge.rb b/config/initializers/lograge.rb index fb93c3a6e12..6ba2fa39aa6 100644 --- a/config/initializers/lograge.rb +++ b/config/initializers/lograge.rb @@ -20,38 +20,6 @@ unless Gitlab::Runtime.sidekiq? config.lograge.ignore_actions = ['Gitlab::RequestForgeryProtection::Controller#index'] # Add request parameters to log output - config.lograge.custom_options = lambda do |event| - params = event.payload[:params] - .except(*%w(controller action format)) - .each_pair - .map { |k, v| { key: k, value: v } } - - payload = { - time: Time.now.utc.iso8601(3), - params: Gitlab::Utils::LogLimitedArray.log_limited_array(params), - remote_ip: event.payload[:remote_ip], - user_id: event.payload[:user_id], - username: event.payload[:username], - ua: event.payload[:ua], - queue_duration: event.payload[:queue_duration] - } - - ::Gitlab::InstrumentationHelper.add_instrumentation_data(payload) - - payload[:response] = event.payload[:response] if event.payload[:response] - payload[:etag_route] = event.payload[:etag_route] if event.payload[:etag_route] - payload[Labkit::Correlation::CorrelationId::LOG_KEY] = Labkit::Correlation::CorrelationId.current_id - - if cpu_s = Gitlab::Metrics::System.thread_cpu_duration(::Gitlab::RequestContext.instance.start_thread_cpu_time) - payload[:cpu_s] = cpu_s - end - - # https://github.com/roidrage/lograge#logging-errors--exceptions - exception = event.payload[:exception_object] - - ::Gitlab::ExceptionLogFormatter.format!(exception, payload) - - payload - end + config.lograge.custom_options = Gitlab::Lograge::CustomOptions end end diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index ef23ca065c6..a2720ab9986 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb @@ -1,6 +1,6 @@ -if Gitlab::Auth::LDAP::Config.enabled? +if Gitlab::Auth::Ldap::Config.enabled? module OmniAuth::Strategies - Gitlab::Auth::LDAP::Config.available_servers.each do |server| + Gitlab::Auth::Ldap::Config.available_servers.each do |server| # do not redeclare LDAP next if server['provider_name'] == 'ldap' @@ -16,3 +16,7 @@ OmniAuth.config.allowed_request_methods << :get if Gitlab.config.omniauth.auto_s OmniAuth.config.before_request_phase do |env| Gitlab::RequestForgeryProtection.call(env) end + +# Use json formatter +OmniAuth.config.logger.formatter = Gitlab::OmniauthLogging::JSONFormatter.new +OmniAuth.config.logger.level = Logger::ERROR if Rails.env.production? diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb index b90a04a19e1..fa4fc2d2c7b 100644 --- a/config/initializers/sidekiq.rb +++ b/config/initializers/sidekiq.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'sidekiq/web' def enable_reliable_fetch? @@ -34,15 +36,6 @@ use_sidekiq_legacy_memory_killer = !use_sidekiq_daemon_memory_killer use_request_store = ENV.fetch('SIDEKIQ_REQUEST_STORE', 1).to_i.nonzero? Sidekiq.configure_server do |config| - config.redis = queues_config_hash - - config.server_middleware(&Gitlab::SidekiqMiddleware.server_configurator({ - metrics: Settings.monitoring.sidekiq_exporter, - arguments_logger: ENV['SIDEKIQ_LOG_ARGUMENTS'] && !enable_json_logs, - memory_killer: enable_sidekiq_memory_killer && use_sidekiq_legacy_memory_killer, - request_store: use_request_store - })) - if enable_json_logs Sidekiq.logger.formatter = Gitlab::SidekiqLogging::JSONFormatter.new config.options[:job_logger] = Gitlab::SidekiqLogging::StructuredLogger @@ -52,6 +45,15 @@ Sidekiq.configure_server do |config| config.error_handlers << Gitlab::SidekiqLogging::ExceptionHandler.new end + config.redis = queues_config_hash + + config.server_middleware(&Gitlab::SidekiqMiddleware.server_configurator({ + metrics: Settings.monitoring.sidekiq_exporter, + arguments_logger: ENV['SIDEKIQ_LOG_ARGUMENTS'] && !enable_json_logs, + memory_killer: enable_sidekiq_memory_killer && use_sidekiq_legacy_memory_killer, + request_store: use_request_store + })) + config.client_middleware(&Gitlab::SidekiqMiddleware.client_configurator) config.on :startup do @@ -71,6 +73,8 @@ Sidekiq.configure_server do |config| Sidekiq::ReliableFetch.setup_reliable_fetch!(config) end + Gitlab.config.load_dynamic_cron_schedules! + # Sidekiq-cron: load recurring jobs from gitlab.yml # UGLY Hack to get nested hash from settingslogic cron_jobs = JSON.parse(Gitlab.config.cron_jobs.to_json) @@ -104,6 +108,11 @@ end Sidekiq.configure_client do |config| config.redis = queues_config_hash + # We only need to do this for other clients. If Sidekiq-server is the + # client scheduling jobs, we have access to the regular sidekiq logger that + # writes to STDOUT + Sidekiq.logger = Gitlab::SidekiqLogging::ClientLogger.build + Sidekiq.logger.formatter = Gitlab::SidekiqLogging::JSONFormatter.new if enable_json_logs config.client_middleware(&Gitlab::SidekiqMiddleware.client_configurator) end diff --git a/config/initializers/sidekiq_cluster.rb b/config/initializers/sidekiq_cluster.rb index baa7495aa29..4622984fe0c 100644 --- a/config/initializers/sidekiq_cluster.rb +++ b/config/initializers/sidekiq_cluster.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -if ENV['ENABLE_SIDEKIQ_CLUSTER'] && Gitlab.ee? +if ENV['ENABLE_SIDEKIQ_CLUSTER'] Thread.new do Thread.current.abort_on_exception = true diff --git a/config/initializers/tracing.rb b/config/initializers/tracing.rb index aaf74eb4cd3..f26fb18f3ea 100644 --- a/config/initializers/tracing.rb +++ b/config/initializers/tracing.rb @@ -5,22 +5,6 @@ if Labkit::Tracing.enabled? config.middleware.insert_after Labkit::Middleware::Rack, ::Labkit::Tracing::RackMiddleware end - # Instrument the Sidekiq client - Sidekiq.configure_client do |config| - config.client_middleware do |chain| - chain.add Labkit::Tracing::Sidekiq::ClientMiddleware - end - end - - # Instrument Sidekiq server calls when running Sidekiq server - if Gitlab::Runtime.sidekiq? - Sidekiq.configure_server do |config| - config.server_middleware do |chain| - chain.add Labkit::Tracing::Sidekiq::ServerMiddleware - end - end - end - # Instrument Redis Labkit::Tracing::Redis.instrument diff --git a/config/initializers/0_inflections.rb b/config/initializers_before_autoloader/000_inflections.rb index 5c38859a667..1fabce9a57e 100644 --- a/config/initializers/0_inflections.rb +++ b/config/initializers_before_autoloader/000_inflections.rb @@ -28,4 +28,5 @@ ActiveSupport::Inflector.inflections do |inflect| vulnerability_feedback ) inflect.acronym 'EE' + inflect.acronym 'CSP' end diff --git a/config/initializers_before_autoloader/001_fast_gettext.rb b/config/initializers_before_autoloader/001_fast_gettext.rb new file mode 100644 index 00000000000..ede38450582 --- /dev/null +++ b/config/initializers_before_autoloader/001_fast_gettext.rb @@ -0,0 +1,8 @@ +# frozen_string_literal: true + +FastGettext.add_text_domain 'gitlab', + path: File.join(Rails.root, 'locale'), + type: :po, + ignore_fuzzy: true +FastGettext.default_text_domain = 'gitlab' +FastGettext.default_locale = :en diff --git a/config/initializers_before_autoloader/100_patch_omniauth_saml.rb b/config/initializers_before_autoloader/100_patch_omniauth_saml.rb new file mode 100644 index 00000000000..d46842ed9a0 --- /dev/null +++ b/config/initializers_before_autoloader/100_patch_omniauth_saml.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +require 'omniauth/strategies/saml' + +module OmniAuth + module Strategies + class SAML + # NOTE: This method duplicates code from omniauth-saml + # so that we can access authn_request to store it + # See: https://github.com/omniauth/omniauth-saml/issues/172 + def request_phase + authn_request = OneLogin::RubySaml::Authrequest.new + + store_authn_request_id(authn_request) + + with_settings do |settings| + redirect(authn_request.create(settings, additional_params_for_authn_request)) + end + end + + private + + def store_authn_request_id(authn_request) + Gitlab::Auth::Saml::OriginValidator.new(session).store_origin(authn_request) + end + end + end +end diff --git a/config/locales/carrierwave.en.yml b/config/locales/carrierwave.en.yml index 12619226460..864ec8fd73f 100644 --- a/config/locales/carrierwave.en.yml +++ b/config/locales/carrierwave.en.yml @@ -6,8 +6,8 @@ en: carrierwave_download_error: could not be downloaded extension_whitelist_error: "You are not allowed to upload %{extension} files, allowed types: %{allowed_types}" extension_blacklist_error: "You are not allowed to upload %{extension} files, prohibited types: %{prohibited_types}" - content_type_whitelist_error: "You are not allowed to upload %{content_type} files" - content_type_blacklist_error: "You are not allowed to upload %{content_type} files" + content_type_whitelist_error: "file format is not supported. Please try one of the following supported formats: %{allowed_types}" + content_type_blacklist_error: "You are not allowed to upload %{content_type} files, prohibited types: %{allowed_types}" rmagick_processing_error: "Failed to manipulate with rmagick, maybe it is not an image?" mini_magick_processing_error: "Failed to manipulate with MiniMagick, maybe it is not an image? Original Error: %{e}" min_size_error: "File size should be greater than %{min_size}" diff --git a/config/locales/en.yml b/config/locales/en.yml index dabcefba169..c95232ae540 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -20,6 +20,8 @@ en: token: "Grafana HTTP API Token" grafana_url: "Grafana API URL" grafana_enabled: "Grafana integration enabled" + user/user_detail: + job_title: 'Job title' views: pagination: previous: "Prev" diff --git a/config/prometheus/common_metrics.yml b/config/prometheus/common_metrics.yml index 314ee44ed71..85833cc1968 100644 --- a/config/prometheus/common_metrics.yml +++ b/config/prometheus/common_metrics.yml @@ -1,6 +1,74 @@ dashboard: 'Environment metrics' priority: 1 panel_groups: +- group: System metrics (Kubernetes) + priority: 15 + panels: + - title: "Memory Usage (Total)" + type: "area-chart" + y_label: "Total Memory Used (GB)" + weight: 4 + metrics: + - id: system_metrics_kubernetes_container_memory_total + query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}) by (job)) without (job) /1024/1024/1024' + label: Total (GB) + unit: GB + - title: "Core Usage (Total)" + type: "area-chart" + y_label: "Total Cores" + weight: 3 + metrics: + - id: system_metrics_kubernetes_container_cores_total + query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}[15m])) by (job)) without (job)' + label: Total (cores) + unit: "cores" + - title: "Memory Usage (Pod average)" + type: "line-chart" + y_label: "Memory Used per Pod (MB)" + weight: 2 + metrics: + - id: system_metrics_kubernetes_container_memory_average + query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}) by (job)) without (job) / count(avg(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}) without (job)) /1024/1024' + label: Pod average (MB) + unit: MB + - title: "Canary: Memory Usage (Pod Average)" + type: "line-chart" + y_label: "Memory Used per Pod (MB)" + weight: 2 + metrics: + - id: system_metrics_kubernetes_container_memory_average_canary + query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-canary-(.*)",namespace="%{kube_namespace}"}) by (job)) without (job) / count(avg(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-canary-(.*)",namespace="%{kube_namespace}"}) without (job)) /1024/1024' + label: Pod average (MB) + unit: MB + track: canary + - title: "Core Usage (Pod Average)" + type: "line-chart" + y_label: "Cores per Pod" + weight: 1 + metrics: + - id: system_metrics_kubernetes_container_core_usage + query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}[15m])) by (job)) without (job) / count(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}[15m])) by (pod_name))' + label: Pod average (cores) + unit: "cores" + - title: "Canary: Core Usage (Pod Average)" + type: "line-chart" + y_label: "Cores per Pod" + weight: 1 + metrics: + - id: system_metrics_kubernetes_container_core_usage_canary + query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-canary-(.*)",namespace="%{kube_namespace}"}[15m])) by (job)) without (job) / count(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-canary-(.*)",namespace="%{kube_namespace}"}[15m])) by (pod_name))' + label: Pod average (cores) + unit: "cores" + track: canary + - title: "Knative function invocations" + type: "area-chart" + y_label: "Invocations" + weight: 1 + metrics: + - id: system_metrics_knative_function_invocation_count + query_range: 'sum(ceil(rate(istio_requests_total{destination_service_namespace="%{kube_namespace}", destination_service=~"%{function_name}.*"}[1m])*60))' + label: invocations / minute + unit: requests # NGINX Ingress metrics for pre-0.16.0 versions - group: Response metrics (NGINX Ingress VTS) priority: 10 @@ -17,6 +85,8 @@ panel_groups: - title: "Latency" type: "area-chart" y_label: "Latency (ms)" + y_axis: + format: milliseconds weight: 1 metrics: - id: response_metrics_nginx_ingress_latency_pod_average @@ -26,6 +96,8 @@ panel_groups: - title: "HTTP Error Rate" type: "area-chart" y_label: "HTTP Errors (%)" + y_axis: + format: percentHundred weight: 1 metrics: - id: response_metrics_nginx_ingress_http_error_rate @@ -138,77 +210,11 @@ panel_groups: - title: "HTTP Error Rate (Errors / Sec)" type: "area-chart" y_label: "HTTP 500 Errors / Sec" + y_axis: + precision: 0 weight: 1 metrics: - id: response_metrics_nginx_http_error_rate query_range: 'sum(rate(nginx_server_requests{code="5xx", %{environment_filter}}[2m]))' label: HTTP Errors unit: "errors / sec" -- group: System metrics (Kubernetes) - priority: 5 - panels: - - title: "Memory Usage (Total)" - type: "area-chart" - y_label: "Total Memory Used (GB)" - weight: 4 - metrics: - - id: system_metrics_kubernetes_container_memory_total - query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}) by (job)) without (job) /1024/1024/1024' - label: Total (GB) - unit: GB - - title: "Core Usage (Total)" - type: "area-chart" - y_label: "Total Cores" - weight: 3 - metrics: - - id: system_metrics_kubernetes_container_cores_total - query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-(.*)",namespace="%{kube_namespace}"}[15m])) by (job)) without (job)' - label: Total (cores) - unit: "cores" - - title: "Memory Usage (Pod average)" - type: "line-chart" - y_label: "Memory Used per Pod (MB)" - weight: 2 - metrics: - - id: system_metrics_kubernetes_container_memory_average - query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}) by (job)) without (job) / count(avg(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}) without (job)) /1024/1024' - label: Pod average (MB) - unit: MB - - title: "Canary: Memory Usage (Pod Average)" - type: "line-chart" - y_label: "Memory Used per Pod (MB)" - weight: 2 - metrics: - - id: system_metrics_kubernetes_container_memory_average_canary - query_range: 'avg(sum(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-canary-(.*)",namespace="%{kube_namespace}"}) by (job)) without (job) / count(avg(container_memory_usage_bytes{container_name!="POD",pod_name=~"^%{ci_environment_slug}-canary-(.*)",namespace="%{kube_namespace}"}) without (job)) /1024/1024' - label: Pod average (MB) - unit: MB - track: canary - - title: "Core Usage (Pod Average)" - type: "line-chart" - y_label: "Cores per Pod" - weight: 1 - metrics: - - id: system_metrics_kubernetes_container_core_usage - query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}[15m])) by (job)) without (job) / count(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-([^c].*|c([^a]|a([^n]|n([^a]|a([^r]|r[^y])))).*|)-(.*)",namespace="%{kube_namespace}"}[15m])) by (pod_name))' - label: Pod average (cores) - unit: "cores" - - title: "Canary: Core Usage (Pod Average)" - type: "line-chart" - y_label: "Cores per Pod" - weight: 1 - metrics: - - id: system_metrics_kubernetes_container_core_usage_canary - query_range: 'avg(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-canary-(.*)",namespace="%{kube_namespace}"}[15m])) by (job)) without (job) / count(sum(rate(container_cpu_usage_seconds_total{container_name!="POD",pod_name=~"^%{ci_environment_slug}-canary-(.*)",namespace="%{kube_namespace}"}[15m])) by (pod_name))' - label: Pod average (cores) - unit: "cores" - track: canary - - title: "Knative function invocations" - type: "area-chart" - y_label: "Invocations" - weight: 1 - metrics: - - id: system_metrics_knative_function_invocation_count - query_range: 'sum(ceil(rate(istio_requests_total{destination_service_namespace="%{kube_namespace}", destination_service=~"%{function_name}.*"}[1m])*60))' - label: invocations / minute - unit: requests diff --git a/config/puma_actioncable.example.development.rb b/config/puma_actioncable.example.development.rb new file mode 100644 index 00000000000..aef15da54f9 --- /dev/null +++ b/config/puma_actioncable.example.development.rb @@ -0,0 +1,88 @@ +# frozen_string_literal: true + +# ----------------------------------------------------------------------- +# This file is used by the GDK to generate a default config/puma_actioncable.rb file +# Note that `/home/git` will be substituted for the actual GDK root +# directory when this file is generated +# ----------------------------------------------------------------------- + +# Load "path" as a rackup file. +# +# The default is "cable/config.ru". +# +rackup 'cable/config.ru' +pidfile '/home/git/gitlab/tmp/pids/puma_actioncable.pid' +state_path '/home/git/gitlab/tmp/pids/puma_actioncable.state' + +## Uncomment the lines if you would like to write puma stdout & stderr streams +## to a different location than rails logs. +## When using GitLab Development Kit, by default, these logs will be consumed +## by runit and can be accessed using `gdk tail rails-actioncable` +# stdout_redirect '/home/git/gitlab/log/puma_actioncable.stdout.log', +# '/home/git/gitlab/log/puma_actioncable.stderr.log', +# true + +# Configure "min" to be the minimum number of threads to use to answer +# requests and "max" the maximum. +# +# The default is "0, 16". +# +threads 1, 4 + +# By default, workers accept all requests and queue them to pass to handlers. +# When false, workers accept the number of simultaneous requests configured. +# +# Queueing requests generally improves performance, but can cause deadlocks if +# the app is waiting on a request to itself. See https://github.com/puma/puma/issues/612 +# +# When set to false this may require a reverse proxy to handle slow clients and +# queue requests before they reach puma. This is due to disabling HTTP keepalive +queue_requests false + +# Bind the server to "url". "tcp://", "unix://" and "ssl://" are the only +# accepted protocols. +bind 'unix:///home/git/gitlab_actioncable.socket' + +workers 2 + +require_relative "/home/git/gitlab/lib/gitlab/cluster/lifecycle_events" + +on_restart do + # Signal application hooks that we're about to restart + Gitlab::Cluster::LifecycleEvents.do_before_master_restart +end + +before_fork do + # Signal to the puma killer + Gitlab::Cluster::PumaWorkerKillerInitializer.start @config.options unless ENV['DISABLE_PUMA_WORKER_KILLER'] + + # Signal application hooks that we're about to fork + Gitlab::Cluster::LifecycleEvents.do_before_fork +end + +Gitlab::Cluster::LifecycleEvents.set_puma_options @config.options +on_worker_boot do + # Signal application hooks of worker start + Gitlab::Cluster::LifecycleEvents.do_worker_start +end + +# Preload the application before starting the workers; this conflicts with +# phased restart feature. (off by default) + +preload_app! + +tag 'gitlab-actioncable-puma-worker' + +# Verifies that all workers have checked in to the master process within +# the given timeout. If not the worker process will be restarted. Default +# value is 60 seconds. +# +worker_timeout 60 + +# Use json formatter +require_relative "/home/git/gitlab/lib/gitlab/puma_logging/json_formatter" + +json_formatter = Gitlab::PumaLogging::JSONFormatter.new +log_formatter do |str| + json_formatter.call(str) +end diff --git a/config/routes.rb b/config/routes.rb index 16b15e5300a..466555eeee8 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -121,10 +121,7 @@ Rails.application.routes.draw do draw :country draw :country_state draw :subscription - - constraints(-> (*) { Gitlab::Analytics.any_features_enabled? }) do - draw :analytics - end + draw :analytics end if ENV['GITLAB_CHAOS_SECRET'] || Rails.env.development? || Rails.env.test? @@ -136,6 +133,9 @@ Rails.application.routes.draw do get :kill end end + + # Notification settings + resources :notification_settings, only: [:create, :update] end concern :clusterable do @@ -184,9 +184,6 @@ Rails.application.routes.draw do # Spam reports resources :abuse_reports, only: [:new, :create] - # Notification settings - resources :notification_settings, only: [:create, :update] - resources :groups, only: [:index, :new, :create] do post :preview_markdown end diff --git a/config/routes/admin.rb b/config/routes/admin.rb index 5210b84c8ba..c92484316e4 100644 --- a/config/routes/admin.rb +++ b/config/routes/admin.rb @@ -33,7 +33,7 @@ namespace :admin do resources :gitaly_servers, only: [:index] namespace :serverless do - resources :domains, only: [:index, :create, :update] do + resources :domains, only: [:index, :create, :update, :destroy] do member do post '/verify', to: 'domains#verify' end @@ -121,6 +121,11 @@ namespace :admin do get '/', to: redirect('admin/application_settings/general'), as: nil resources :services, only: [:index, :edit, :update] + resources :integrations, only: [:edit, :update, :test] do + member do + put :test + end + end get :usage_data put :reset_registration_token diff --git a/config/routes/git_http.rb b/config/routes/git_http.rb index 593f818e434..fb8119904ea 100644 --- a/config/routes/git_http.rb +++ b/config/routes/git_http.rb @@ -32,6 +32,14 @@ concern :lfsable do end end +# Git route for personal and project snippets +scope(path: ':namespace_id/:repository_id', + format: nil, + constraints: { namespace_id: Gitlab::PathRegex.personal_and_project_snippets_path_regex, repository_id: /\d+\.git/ }, + module: :repositories) do + concerns :gitactionable +end + scope(path: '*namespace_id/:repository_id', format: nil, constraints: { namespace_id: Gitlab::PathRegex.full_namespace_route_regex }) do diff --git a/config/routes/group.rb b/config/routes/group.rb index 68e239faf6d..1d51b3fb6fe 100644 --- a/config/routes/group.rb +++ b/config/routes/group.rb @@ -29,6 +29,7 @@ constraints(::Constraints::GroupUrlConstrainer.new) do resource :ci_cd, only: [:show, :update], controller: 'ci_cd' do put :reset_registration_token patch :update_auto_devops + post :create_deploy_token, path: 'deploy_token/create' end end @@ -49,6 +50,12 @@ constraints(::Constraints::GroupUrlConstrainer.new) do end end + resources :deploy_tokens, constraints: { id: /\d+/ }, only: [] do + member do + put :revoke + end + end + resource :avatar, only: [:destroy] concerns :clusterable diff --git a/config/routes/import.rb b/config/routes/import.rb index 9fe2688de1e..57a1fab48e9 100644 --- a/config/routes/import.rb +++ b/config/routes/import.rb @@ -60,6 +60,7 @@ namespace :import do resource :gitlab_project, only: [:create, :new] do post :create + post :authorize end resource :manifest, only: [:create, :new], controller: :manifest do diff --git a/config/routes/merge_requests.rb b/config/routes/merge_requests.rb index f9670a5bf6e..fe58649b684 100644 --- a/config/routes/merge_requests.rb +++ b/config/routes/merge_requests.rb @@ -14,6 +14,7 @@ resources :merge_requests, concerns: :awardable, except: [:new, :create, :show], post :rebase get :test_reports get :exposed_artifacts + get :coverage_reports scope constraints: ->(req) { req.format == :json }, as: :json do get :commits diff --git a/config/routes/project.rb b/config/routes/project.rb index f153082f118..c37b5528f71 100644 --- a/config/routes/project.rb +++ b/config/routes/project.rb @@ -68,7 +68,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do end namespace :settings do - get :members, to: redirect("%{namespace_id}/%{project_id}/project_members") + get :members, to: redirect("%{namespace_id}/%{project_id}/-/project_members") resource :ci_cd, only: [:show, :update], controller: 'ci_cd' do post :reset_cache @@ -79,7 +79,9 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do resource :integrations, only: [:show] resource :repository, only: [:show], controller: :repository do - post :create_deploy_token, path: 'deploy_token/create' + # TODO: Move 'create_deploy_token' here to the ':ci_cd' resource above during 12.9. + # More details here: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/24102#note_287572556 + post :create_deploy_token, path: 'deploy_token/create', to: 'ci_cd#create_deploy_token' post :cleanup end end @@ -169,6 +171,14 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do resources :releases, only: [:index, :show, :edit], param: :tag, constraints: { tag: %r{[^/]+} } do member do get :evidence + get :downloads, path: 'downloads/*filepath', format: false + end + end + + resources :logs, only: [:index] do + collection do + get :k8s + get :elasticsearch end end @@ -252,7 +262,11 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do end namespace :performance_monitoring do - resources :dashboards, only: [:create] + resources :dashboards, only: [:create] do + collection do + put '/:file_name', to: 'dashboards#update', constraints: { file_name: /.+\.yml/ } + end + end end namespace :error_tracking do @@ -273,6 +287,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do end end + draw :issues draw :merge_requests # The wiki and repository routing contains wildcard characters so @@ -280,6 +295,12 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do draw :repository_scoped draw :repository draw :wiki + + namespace :import do + resource :jira, only: [:show], controller: :jira do + post :import + end + end end # End of the /-/ scope. @@ -395,12 +416,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do # Unscoped route. It will be replaced with redirect to /-/issues/ # Issue https://gitlab.com/gitlab-org/gitlab/issues/118849 - draw :issues - - # To ensure an old unscoped routing is used for the UI we need to - # add prefix 'as' to the scope routing and place it below original routing. - # Issue https://gitlab.com/gitlab-org/gitlab/issues/118849 - scope '-', as: 'scoped' do + scope as: 'deprecated' do draw :issues end diff --git a/config/routes/user.rb b/config/routes/user.rb index fe7a0aa3233..9db3a71a270 100644 --- a/config/routes/user.rb +++ b/config/routes/user.rb @@ -10,9 +10,9 @@ def override_omniauth(provider, controller, path_prefix = '/users/auth') end # Use custom controller for LDAP omniauth callback -if Gitlab::Auth::LDAP::Config.sign_in_enabled? +if Gitlab::Auth::Ldap::Config.sign_in_enabled? devise_scope :user do - Gitlab::Auth::LDAP::Config.available_servers.each do |server| + Gitlab::Auth::Ldap::Config.available_servers.each do |server| override_omniauth(server['provider_name'], 'ldap/omniauth_callbacks') end end diff --git a/config/settings.rb b/config/settings.rb index 767c6c56337..144a068ef2a 100644 --- a/config/settings.rb +++ b/config/settings.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'settingslogic' require 'digest/md5' @@ -42,7 +44,8 @@ class Settings < Settingslogic end def build_gitlab_shell_ssh_path_prefix - user_host = "#{gitlab_shell.ssh_user}@#{gitlab_shell.ssh_host}" + user = "#{gitlab_shell.ssh_user}@" unless gitlab_shell.ssh_user.empty? + user_host = "#{user}#{gitlab_shell.ssh_host}" if gitlab_shell.ssh_port != 22 "ssh://#{user_host}:#{gitlab_shell.ssh_port}/" @@ -143,6 +146,10 @@ class Settings < Settingslogic Gitlab::Application.secrets.db_key_base end + def load_dynamic_cron_schedules! + cron_jobs['gitlab_usage_ping_worker']['cron'] ||= cron_for_usage_ping + end + private def base_url(config) diff --git a/config/sidekiq_queues.yml b/config/sidekiq_queues.yml index 1cb19d18a0d..2dc2f33e71e 100644 --- a/config/sidekiq_queues.yml +++ b/config/sidekiq_queues.yml @@ -28,6 +28,10 @@ - 1 - - admin_emails - 1 +- - analytics_code_review_metrics + - 1 +- - authorized_keys + - 2 - - authorized_projects - 2 - - auto_devops @@ -228,6 +232,10 @@ - 2 - - service_desk_email_receiver - 1 +- - status_page_publish_incident + - 1 +- - sync_seat_link_request + - 1 - - system_hook_push - 1 - - todos_destroyer @@ -244,3 +252,5 @@ - 1 - - web_hook - 1 +- - x509_certificate_revoke + - 1 diff --git a/config/webpack.config.js b/config/webpack.config.js index 639de770fd8..e220482d769 100644 --- a/config/webpack.config.js +++ b/config/webpack.config.js @@ -117,23 +117,18 @@ if (IS_EE) { }); } -// if there is a compiled DLL with a matching hash string, use it let dll; if (VENDOR_DLL && !IS_PRODUCTION) { const dllHash = vendorDllHash(); const dllCachePath = path.join(ROOT_PATH, `tmp/cache/webpack-dlls/${dllHash}`); - if (fs.existsSync(dllCachePath)) { - console.log(`Using vendor DLL found at: ${dllCachePath}`); - dll = { - manifestPath: path.join(dllCachePath, 'vendor.dll.manifest.json'), - cacheFrom: dllCachePath, - cacheTo: path.join(ROOT_PATH, `public/assets/webpack/dll.${dllHash}/`), - publicPath: `dll.${dllHash}/vendor.dll.bundle.js`, - }; - } else { - console.log(`Warning: No vendor DLL found at: ${dllCachePath}. DllPlugin disabled.`); - } + dll = { + manifestPath: path.join(dllCachePath, 'vendor.dll.manifest.json'), + cacheFrom: dllCachePath, + cacheTo: path.join(ROOT_PATH, `public/assets/webpack/dll.${dllHash}/`), + publicPath: `dll.${dllHash}/vendor.dll.bundle.js`, + exists: null, + }; } module.exports = { @@ -166,7 +161,9 @@ module.exports = { }, { test: /\.js$/, - exclude: path => /node_modules|vendor[\\/]assets/.test(path) && !/\.vue\.js/.test(path), + exclude: path => + /node_modules\/(?!tributejs)|node_modules|vendor[\\/]assets/.test(path) && + !/\.vue\.js/.test(path), loader: 'babel-loader', options: { cacheDirectory: path.join(CACHE_PATH, 'babel-loader'), @@ -314,6 +311,51 @@ module.exports = { jQuery: 'jquery', }), + // if DLLs are enabled, detect whether the DLL exists and create it automatically if necessary + dll && { + apply(compiler) { + compiler.hooks.beforeCompile.tapAsync('DllAutoCompilePlugin', (params, callback) => { + if (dll.exists) { + callback(); + } else if (fs.existsSync(dll.manifestPath)) { + console.log(`Using vendor DLL found at: ${dll.cacheFrom}`); + dll.exists = true; + callback(); + } else { + console.log( + `Warning: No vendor DLL found at: ${dll.cacheFrom}. Compiling DLL automatically.`, + ); + + const dllConfig = require('./webpack.vendor.config.js'); + const dllCompiler = webpack(dllConfig); + + dllCompiler.run((err, stats) => { + if (err) { + return callback(err); + } + + const info = stats.toJson(); + + if (stats.hasErrors()) { + console.error(info.errors.join('\n\n')); + return callback('DLL not compiled successfully.'); + } + + if (stats.hasWarnings()) { + console.warn(info.warnings.join('\n\n')); + console.warn('DLL compiled with warnings.'); + } else { + console.log('DLL compiled successfully.'); + } + + dll.exists = true; + callback(); + }); + } + }); + }, + }, + // reference our compiled DLL modules dll && new webpack.DllReferencePlugin({ diff --git a/config/webpack.vendor.config.js b/config/webpack.vendor.config.js index 90736349d91..7ecb9b06fdd 100644 --- a/config/webpack.vendor.config.js +++ b/config/webpack.vendor.config.js @@ -15,6 +15,9 @@ module.exports = { extensions: ['.js'], }, + // ensure output is not generated when errors are encountered + bail: true, + context: ROOT_PATH, entry: { |