author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-08 09:08:49 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-06-08 09:08:49 +0300 |
commit | 208f195a9bc3614e3c720d6e485830d37c4f49df (patch) | |
tree | e3fe98a5debe6147a29a244d5e8f2e9096264c56 /doc | |
parent | bf293d47937b3332462689c3fecc868706553f3a (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')
-rw-r--r-- | doc/ci/docker/using_docker_build.md | 14 | ||||
-rw-r--r-- | doc/ci/secrets/id_token_authentication.md | 31 | ||||
-rw-r--r-- | doc/ci/testing/code_quality.md | 6 | ||||
-rw-r--r-- | doc/user/application_security/vulnerabilities/index.md | 10 |
4 files changed, 49 insertions, 12 deletions
diff --git a/doc/ci/docker/using_docker_build.md b/doc/ci/docker/using_docker_build.md index fe57b451146..004da63476e 100644 --- a/doc/ci/docker/using_docker_build.md +++ b/doc/ci/docker/using_docker_build.md @@ -352,11 +352,9 @@ Docker-in-Docker is the recommended configuration, but you should be aware of th To use Docker commands in your CI/CD jobs, you can bind-mount `/var/run/docker.sock` into the container. Docker is then available in the context of the image. -NOTE: -If you bind the Docker socket and you are -[using GitLab Runner 11.11 or later](https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/1261), -you can no longer use `docker:20.10.16-dind` as a service. Volume bindings -also affect services, making them incompatible. +> If you bind the Docker socket and you are [using GitLab Runner 11.11 or later](https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/1261), +> you can no longer use `docker:20.10.16-dind` as a service. +> Volume bindings also affect services, making them incompatible. To make Docker available in the context of the image, you need to mount `/var/run/docker.sock` into the launched containers. To do this with the Docker @@ -392,6 +390,12 @@ sudo gitlab-runner register -n \ --docker-volumes /var/run/docker.sock:/var/run/docker.sock ``` +> If you want to use more complex Docker-in-Docker configurations, like it is necessary to run Code Quality checks with +> Code Climate, you need to ensure that the paths to the build directory are the same on the host as well as inside the +> Docker container. +> See section "[Improve Code Quality performance with private runners](../testing/code_quality.md#improve-code-quality-performance-with-private-runners)" +> in the Code Quality documentation. + #### Enable registry mirror for `docker:dind` service When the Docker daemon starts inside the service container, it uses 
diff --git a/doc/ci/secrets/id_token_authentication.md b/doc/ci/secrets/id_token_authentication.md index 12e0402be25..6bb460f9fc7 100644 --- a/doc/ci/secrets/id_token_authentication.md +++ b/doc/ci/secrets/id_token_authentication.md @@ -190,3 +190,34 @@ To enable automatic ID token authentication: 1. Toggle **Limit JSON Web Token (JWT) access** to enabled. <!--- end_remove --> + +## Troubleshooting + +### `400: missing token` status code + +This error indicates that one or more basic components necessary for ID tokens are +either missing or not configured as expect. + +To find the problem, an administrator can look for more details in the instance's +`exceptions_json.log` for the specific method that failed. + +#### `GitLab::Ci::Jwt::NoSigningKeyError` + +This error in the `exceptions_json.log` file is likely because the signing key is +missing from the database and the token could not be generated. To verify this is the issue, +run the following query on the instance's PostgreSQL terminal: + +```sql +SELECT encrypted_ci_jwt_signing_key FROM application_settings; +``` + +If the returned value is empty, use the Rails snippet below to generate a new key +and replace it internally: + +```ruby + key = OpenSSL::PKey::RSA.new(2048).to_pem + + ApplicationSetting.find_each do |application_setting| + application_setting.update(ci_jwt_signing_key: key) + end +``` diff --git a/doc/ci/testing/code_quality.md b/doc/ci/testing/code_quality.md index 6eab50a1f61..5f6af4cb8a9 100644 --- a/doc/ci/testing/code_quality.md +++ b/doc/ci/testing/code_quality.md 
@@ -538,6 +538,12 @@ for more details. ## Troubleshooting +### The code cannot be found and the pipeline runs always with default configuration + +You are probably using a private runner with the Docker-in-Docker socket-binding configuration. +You should configure Code Quality checks to run on your worker as documented in section +"[Improve Code Quality performance with private runners](#improve-code-quality-performance-with-private-runners)". + ### Changing the default configuration has no effect A common issue is that the terms `Code Quality` (GitLab specific) and `Code Climate` diff --git a/doc/user/application_security/vulnerabilities/index.md b/doc/user/application_security/vulnerabilities/index.md index 4e937bc11d2..c21a197bcb7 100644 --- a/doc/user/application_security/vulnerabilities/index.md +++ b/doc/user/application_security/vulnerabilities/index.md @@ -6,8 +6,6 @@ info: To determine the technical writer assigned to the Stage/Group associated w # Vulnerability Page **(ULTIMATE)** -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/13561) in GitLab 13.0. - Each vulnerability in a project has a vulnerability page containing details of the vulnerability, including: @@ -35,8 +33,9 @@ A vulnerability's status can be: - **Dismissed**: A user has seen this vulnerability and dismissed it because it is not accurate or otherwise not to be resolved. Dismissed vulnerabilities are ignored if detected in subsequent scans. -- **Resolved**: The vulnerability has been fixed or is no longer present. Resolved vulnerabilities - that are reintroduced and detected by subsequent scans have a _new_ vulnerability record created. +- **Resolved**: The vulnerability has been fixed or is no longer present. If a resolved + vulnerability is reintroduced and detected again, its record is reinstated and its status set to + detected. ## Vulnerability dismissal reasons 
@@ -96,9 +95,6 @@ The issue is then opened so you can take further action. ### Create a Jira issue for a vulnerability -> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/4677) in GitLab 13.9 [with a flag](../../../administration/feature_flags.md) named `jira_for_vulnerabilities`. Disabled by default. -> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/283850) in GitLab 13.12. Feature flag `jira_for_vulnerabilities` removed. - Prerequisites: - [Enable Jira integration](../../../integration/jira/index.md). The **Enable Jira issue creation |
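Review bot: in doc/ci/docker/using_docker_build.md, hunk at line 352, replacing the `NOTE:` marker with a plain `>` blockquote makes the warning that `docker:20.10.16-dind` can no longer be used as a service read like ordinary quoted text. If the intent was only to rewrap the sentences, keep the `NOTE:` line and reflow the three lines under it.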
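Review bot: in doc/ci/docker/using_docker_build.md, hunk at line 392, the added paragraph's first clause "like it is necessary to run Code Quality checks with Code Climate" is ungrammatical, and the actual requirement (identical build directory paths on the host and in the container) is buried behind it. Suggest leading with the requirement, for example "For more complex Docker-in-Docker configurations, such as those needed to run Code Quality checks with Code Climate, ensure the path to the build directory is the same on the host and inside the Docker container." The cross-reference sentence can then follow on the same line instead of starting with "See section".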
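Review bot: in doc/ci/secrets/id_token_authentication.md, the new Troubleshooting section's verification query `SELECT encrypted_ci_jwt_signing_key FROM application_settings;` prints the stored signing key column to the terminal, although the step only needs to know whether the value is empty. Suggest a presence check (for example selecting whether the column is null or its length) so key material does not end up in terminal scrollback or support tickets. In the Ruby snippet, `application_setting.update(ci_jwt_signing_key: key)` returns false on failure without raising, so an administrator pasting it gets no signal if the key was not saved; `update!` would surface that. Also "not configured as expect" should read "as expected", and the snippet body has a stray two-space indent inside the fence.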
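Review bot: in doc/ci/testing/code_quality.md, hunk at line 538, the new heading "The code cannot be found and the pipeline runs always with default configuration" has awkward word order and the body says "on your worker" where the rest of the added text says "private runner". Suggest "always runs with the default configuration" in the heading and "on your runner" in the body so the entry uses one term throughout. "You are probably using" could also state the condition directly, for example "This can happen when you use a private runner with the socket-binding configuration."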
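Review bot: in doc/user/application_security/vulnerabilities/index.md, hunk at line 35, the rewritten **Resolved** bullet ends with "its status set to detected", in lower case and unformatted, while the other statuses in this list are written as bold names (`**Dismissed**`, `**Resolved**`). Please name the target status exactly as it appears in the list and format it the same way, so readers can tell which status a reinstated record gets. Since this bullet now documents reinstating the existing record instead of creating a new one, a link to the change that introduced that behaviour would help reviewers confirm it.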