author | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-17 21:09:52 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-17 21:09:52 +0300 |
commit | 003efb27fc4d7d0571979553c602fccfbf5ad0c2 (patch) | |
tree | 721ec9af57108c73fc5c4c7a06e996800ead367e /doc | |
parent | 78a5f872de316860ccd7a983c10805bf6c6b771c (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')
-rw-r--r-- | doc/administration/auth/ldap/ldap-troubleshooting.md | 6 | ||||
-rw-r--r-- | doc/api/merge_request_approvals.md | 83 | ||||
-rw-r--r-- | doc/ci/triggers/index.md | 10 | ||||
-rw-r--r-- | doc/user/permissions.md | 1 | ||||
-rw-r--r-- | doc/user/profile/personal_access_tokens.md | 8 | ||||
-rw-r--r-- | doc/user/project/members/share_project_with_groups.md | 2 | ||||
-rw-r--r-- | doc/user/project/merge_requests/changes.md | 60 |
7 files changed, 166 insertions, 4 deletions
diff --git a/doc/administration/auth/ldap/ldap-troubleshooting.md b/doc/administration/auth/ldap/ldap-troubleshooting.md index eb1ee203469..39546345355 100644 --- a/doc/administration/auth/ldap/ldap-troubleshooting.md +++ b/doc/administration/auth/ldap/ldap-troubleshooting.md @@ -393,6 +393,12 @@ the rails console. UIDs here should match the 'Identifier' from the LDAP identity checked earlier. If it doesn't, the user does not appear to be in the LDAP group. +#### Cannot add service account user to group when LDAP sync is enabled + +When LDAP sync is enabled for a group, you cannot use the "invite" dialog to invite new group members. + +To resolve this issue in GitLab 16.8 and later, you can invite service accounts to and remove them from a group using the [group members API endpoints](../../../api/members.md#add-a-member-to-a-group-or-project). + #### Administrator privileges not granted When [Administrator sync](ldap_synchronization.md#administrator-sync) has been configured diff --git a/doc/api/merge_request_approvals.md b/doc/api/merge_request_approvals.md index c150eda720c..2f33040acb0 100644 --- a/doc/api/merge_request_approvals.md +++ b/doc/api/merge_request_approvals.md 
@@ -13,6 +13,89 @@ Configuration for [approvals on all merge requests](../user/project/merge_requests/approvals/index.md) in the project. Must be authenticated for all endpoints. +## Group-level MR approvals **(EXPERIMENT)** + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/428051) in GitLab 16.7 [with a flag](../administration/feature_flags.md) named `approval_group_rules`. Disabled by default. This feature is an [Experiment](../policy/experiment-beta-support.md). + +FLAG: +On self-managed GitLab, by default this feature is not available. To make it available, an administrator can [enable the feature flag](../administration/feature_flags.md) named `approval_group_rules`. +On GitLab.com, this feature is not available. +This feature is not ready for production use. + +Group approval rules apply to all protected branches of projects belonging to the group. This feature is an [Experiment](../policy/experiment-beta-support.md). + +### Create group-level approval rules + +Users with at least the Maintainer role can create group level approval rules using the following endpoint: + +```plaintext +POST /groups/:id/approval_rules +``` + +Supported attributes: + +| Attribute | Type | Required | Description | +|-------------------------------------|-------------------|------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `id` | integer or string | Yes | The ID or [URL-encoded path of a group](rest/index.md#namespaced-path-encoding). | +| `approvals_required` | integer | Yes | The number of required approvals for this rule. | +| `name` | string | Yes | The name of the approval rule. | +| `group_ids` | array | No | The IDs of groups as approvers. 
| +| `report_type` | string | No | The report type required when the rule type is `report_approver`. The supported report types are `license_scanning` [(Deprecated in GitLab 15.9)](../update/deprecations.md#license-check-and-the-policies-tab-on-the-license-compliance-page) and `code_coverage`. | +| `rule_type` | string | No | The type of rule. `any_approver` is a pre-configured default rule with `approvals_required` at `0`. Other rules are `regular` and `report_approver`. | +| `user_ids` | array | No | The IDs of users as approvers. | + +Example request: + +```shell +curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \ + --url "https://gitlab.example.com/api/v4/groups/29/approval_rules?name=security&approvals_required=2" +``` + +Example response: + +```json +{ + "id": 5, + "name": "security", + "rule_type": "any_approver", + "eligible_approvers": [], + "approvals_required": 2, + "users": [], + "groups": [], + "contains_hidden_groups": false, + "protected_branches": [ + { + "id": 5, + "name": "master", + "push_access_levels": [ + { + "id": 5, + "access_level": 40, + "access_level_description": "Maintainers", + "deploy_key_id": null, + "user_id": null, + "group_id": null + } + ], + "merge_access_levels": [ + { + "id": 5, + "access_level": 40, + "access_level_description": "Maintainers", + "user_id": null, + "group_id": null + } + ], + "allow_force_push": false, + "unprotect_access_levels": [], + "code_owner_approval_required": false, + "inherited": false + } + ], + "applies_to_all_protected_branches": true +} +``` + ## Project-level MR approvals ### Get Configuration diff --git a/doc/ci/triggers/index.md b/doc/ci/triggers/index.md index 4eee34af402..49ff0ee2356 100644 --- a/doc/ci/triggers/index.md +++ b/doc/ci/triggers/index.md 
@@ -39,10 +39,12 @@ To create a trigger token: - You can only see the first 4 characters for tokens created by other project members. WARNING: -It is a security risk to save tokens in plain text in public projects. Potential -attackers could use a trigger token exposed in the `.gitlab-ci.yml` file to impersonate -the user that created the token. Use [masked CI/CD variables](../variables/index.md#mask-a-cicd-variable) -to improve the security of trigger tokens. +It is a security risk to save tokens in plain text in public projects, or store them +in a way that malicious users could access them. A leaked trigger token could be +used to force an unscheduled deployment, attempt to access CI/CD variables, +or other malicious uses. [Masked CI/CD variables](../variables/index.md#mask-a-cicd-variable) +help improve the security of trigger tokens. For more information about keeping tokens secure, +see the [security considerations](../../security/token_overview.md#security-considerations). ## Trigger a pipeline diff --git a/doc/user/permissions.md b/doc/user/permissions.md index 05633cac3b0..84e9533f725 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -416,6 +416,7 @@ The following table lists group permissions available for each role: | [Migrate groups](group/import/index.md) | | | | | ✓ | | Manage [subscriptions, and purchase storage and compute minutes](../subscriptions/gitlab_com/index.md) | | | | | ✓ | | Manage group-level custom roles | | | | | ✓ | +| Manage [group approval rules](project/merge_requests/approvals/settings.md) (group settings) | | | | ✓ | ✓ | <!-- markdownlint-disable MD029 --> diff --git a/doc/user/profile/personal_access_tokens.md b/doc/user/profile/personal_access_tokens.md index dec42e74a58..2e6bd44ff3b 100644 --- a/doc/user/profile/personal_access_tokens.md +++ b/doc/user/profile/personal_access_tokens.md 
@@ -85,6 +85,14 @@ At any time, you can revoke a personal access token. 1. In the **Active personal access tokens** area, select **Revoke** for the relevant token. 1. On the confirmation dialog, select **Revoke**. +## Disable personal access tokens **(PREMIUM SELF)** + +Prerequisites: + +- You must be an administrator. + +In GitLab 15.7 and later, you can [use the application settings API to disable personal access tokens](../../api/settings.md#list-of-settings-that-can-be-accessed-via-api-calls). + ## View the last time a token was used > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/33162) in GitLab 13.2. Token usage information is updated every 24 hours. diff --git a/doc/user/project/members/share_project_with_groups.md b/doc/user/project/members/share_project_with_groups.md index bf8a7468199..38cf2403841 100644 --- a/doc/user/project/members/share_project_with_groups.md +++ b/doc/user/project/members/share_project_with_groups.md @@ -39,6 +39,7 @@ In addition: - An _internal_ group to a _public_ project. - A _public_ group to a _public_ project. +- If a group in the project's hierarchy [does not allow sub-projects to be shared with groups](../../group/access_and_permissions.md#prevent-a-project-from-being-shared-with-groups), the option to **Invite a group** is not available. - If the project's root ancestor group [does not allow the project to be shared outside the hierarchy](../../group/access_and_permissions.md#prevent-group-sharing-outside-the-group-hierarchy), the invited group or subgroup must be in the project's [namespace](../../namespace/index.md). For example, a project in the namespace `group/subgroup01/project`: - Can be shared with `group/subgroup02` or `group/subgroup01/subgroup03`. 
@@ -129,3 +130,4 @@ A list of shared projects is displayed. ## Related topics - [Prevent a project from being shared with groups](../../group/access_and_permissions.md#prevent-a-project-from-being-shared-with-groups). +- [Prevent group sharing outside the group hierarchy](../../group/access_and_permissions.md#prevent-group-sharing-outside-the-group-hierarchy). diff --git a/doc/user/project/merge_requests/changes.md b/doc/user/project/merge_requests/changes.md index 094d2cf5730..f1fc1bfe233 100644 --- a/doc/user/project/merge_requests/changes.md +++ b/doc/user/project/merge_requests/changes.md 
@@ -34,6 +34,66 @@ To view the diff of changes included in a merge request: Files with many changes are collapsed to improve performance. GitLab displays the message: **Some changes are not shown**. To view the changes for that file, select **Expand file**. +### Collapse generated files **(FREE SELF)** + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/140180) in GitLab 16.8 [with a flag](../../../administration/feature_flags.md) named `collapse_generated_diff_files`. Disabled by default. + +FLAG: +On self-managed GitLab, by default this feature is not available. To make it available, +an administrator can [enable the feature flag](../../../administration/feature_flags.md) +named `collapse_generated_diff_files`. +On GitLab.com, this feature is not available. + +To help reviewers focus on the files needed to perform a code review, GitLab collapses +several common types of generated files. These files are collapsed by default, because +they are unlikely to require code reviews: + +1. Files with `.nib`, `.xcworkspacedata`, or `.xcurserstate` extensions. +1. Package lock files such as `package-lock.json` or `Gopkg.lock`. +1. Files in the `node_modules` folder. +1. Minified `js` or `css` files. +1. Source map reference files. +1. Generated Go files, including the generated files by protocol buffer compiler. + +If you want to automatically collapse additional files or file types, you can use the `gitlab-generated` attribute. To mark or unmark certain files/paths as generated if the default doesn't suit +your preference. See [overriding syntax highlighting](../highlighting.md#override-syntax-highlighting-for-a-file-type) for more +detail on how to use override attributes. + +#### View a collapsed file + +1. On the left sidebar, select **Search or go to** and find your project. +1. Select **Code > Merge requests** and find your merge request. +1. Below the merge request title, select **Changes**. +1. 
Find the file you want to view, and select **Expand file**. + +#### Configure collapse behavior for a file type + +To change the default collapse behavior for a file type: + +1. If a `.gitattributes` file does not exist in the root directory of your project, + create a blank file with this name. +1. For each file type you want to modify, add a line to the `.gitattributes` file + declaring the file extension and your desired behavior: + + ```conf + # Collapse all files with a .txt extension + *.txt gitlab-generated + + # Collapse all files within the docs directory + docs/** gitlab-generated + + # Do not collapse package-lock.json + package-json -gitlab-generated + ``` + +1. Commit, push, and merge your changes into your default branch. + +After the changes merge into your [default branch](../repository/branches/default.md), +all files of this type in your project use this behavior in merge requests. + +For technical details about how generated files are detected, see the +[`go-enry`](https://github.com/go-enry/go-enry/blob/master/data/generated.go) repository. + ## Show one file at a time For larger merge requests, you can review one file at a time. You can change this setting |
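Review bot: In doc/administration/auth/ldap/ldap-troubleshooting.md, the new section's heading is about service accounts, but its first sentence says the invite dialog is unavailable for all new group members, and the resolution covers only GitLab 16.8 and later. State explicitly that the members API route described here is for service accounts, and say what readers on earlier versions should expect, so nobody infers that regular users can be added around LDAP sync the same way.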
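Review bot: In doc/api/merge_request_approvals.md, the example response for `POST /groups/:id/approval_rules` shows `"rule_type": "any_approver"` together with `"approvals_required": 2`, while the attribute table in the same hunk describes `any_approver` as a pre-configured default rule with `approvals_required` at `0`. The example request sets only `name` and `approvals_required`, so either pass `rule_type` in the request and show the matching value in the response, or have the table state which `rule_type` applies when the attribute is omitted. The statement that the feature is an Experiment also appears twice (in the introduction note and again after the first paragraph), and "group level approval rules" should be hyphenated to match the heading.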
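Review bot: In doc/ci/triggers/index.md, the rewritten WARNING drops the statement that a leaked trigger token lets an attacker impersonate the user that created the token, which is the detail that tells readers whose permissions are exposed. Keep that point alongside the new examples. The list "used to force an unscheduled deployment, attempt to access CI/CD variables, or other malicious uses" is also not parallel; ending it with "or for other malicious purposes" would read cleanly.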
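Review bot: In doc/user/permissions.md, the new "Manage group approval rules" row gives no indication that the feature sits behind the `approval_group_rules` flag and is an Experiment, as the merge_request_approvals.md hunk in this same commit states. Add a footnote or status marker to the row so the table does not advertise a capability that is disabled by default. The row is labelled "(group settings)" but links to `project/merge_requests/approvals/settings.md`; confirm that page actually covers the group-level setting.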
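Review bot: In doc/user/profile/personal_access_tokens.md, the new "Disable personal access tokens" section links to the full list of application settings without naming the setting to change, and does not say what happens to tokens that already exist once it is applied. Name the attribute in the sentence and add one line on the effect on existing tokens, since an administrator disabling tokens as a containment step needs to know whether issued tokens stop working.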
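Review bot: In doc/user/project/merge_requests/changes.md, the last entry of the `.gitattributes` example does not match its comment: the comment says "Do not collapse package-lock.json" but the pattern is `package-json -gitlab-generated`, which would not match that file. Change the pattern to `package-lock.json`. In the list of default types, `.xcurserstate` looks like a typo for `.xcuserstate`, and the sentence starting "To mark or unmark certain files/paths as generated if the default doesn't suit your preference." is a fragment that should be merged into the sentence before it. Because any path can be marked `gitlab-generated`, it would also help to tell reviewers that a collapsed file may still contain hand-written changes and how to spot attribute changes that hide them.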