
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2020-04-20 21:38:24 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-04-20 21:38:24 +0300
commit983a0bba5d2a042c4a3bbb22432ec192c7501d82 (patch)
treeb153cd387c14ba23bd5a07514c7c01fddf6a78a0 /lib/gitlab/ci
parenta2bddee2cdb38673df0e004d5b32d9f77797de64 (diff)
Add latest changes from gitlab-org/gitlab@12-10-stable-ee
Diffstat (limited to 'lib/gitlab/ci')
-rw-r--r--lib/gitlab/ci/jwt.rb95
-rw-r--r--lib/gitlab/ci/status/bridge/factory.rb4
-rw-r--r--lib/gitlab/ci/status/bridge/failed.rb12
-rw-r--r--lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml4
-rw-r--r--lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml2
7 files changed, 118 insertions, 3 deletions
diff --git a/lib/gitlab/ci/jwt.rb b/lib/gitlab/ci/jwt.rb
new file mode 100644
index 00000000000..491facd0a43
--- /dev/null
+++ b/lib/gitlab/ci/jwt.rb
@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module Ci
+ class Jwt
+ NOT_BEFORE_TIME = 5
+ DEFAULT_EXPIRE_TIME = 60 * 5
+
+ def self.for_build(build)
+ self.new(build, ttl: build.metadata_timeout).encoded
+ end
+
+ def initialize(build, ttl: nil)
+ @build = build
+ @ttl = ttl
+ end
+
+ def payload
+ custom_claims.merge(reserved_claims)
+ end
+
+ def encoded
+ headers = { kid: kid, typ: 'JWT' }
+
+ JWT.encode(payload, key, 'RS256', headers)
+ end
+
+ private
+
+ attr_reader :build, :ttl, :key_data
+
+ def reserved_claims
+ now = Time.now.to_i
+
+ {
+ jti: SecureRandom.uuid,
+ iss: Settings.gitlab.host,
+ iat: now,
+ nbf: now - NOT_BEFORE_TIME,
+ exp: now + (ttl || DEFAULT_EXPIRE_TIME),
+ sub: "job_#{build.id}"
+ }
+ end
+
+ def custom_claims
+ {
+ namespace_id: namespace.id.to_s,
+ namespace_path: namespace.full_path,
+ project_id: project.id.to_s,
+ project_path: project.full_path,
+ user_id: user&.id.to_s,
+ user_login: user&.username,
+ user_email: user&.email,
+ pipeline_id: build.pipeline.id.to_s,
+ job_id: build.id.to_s,
+ ref: source_ref,
+ ref_type: ref_type,
+ ref_protected: build.protected.to_s
+ }
+ end
+
+ def key
+ @key ||= OpenSSL::PKey::RSA.new(Rails.application.secrets.openid_connect_signing_key)
+ end
+
+ def public_key
+ key.public_key
+ end
+
+ def kid
+ public_key.to_jwk[:kid]
+ end
+
+ def project
+ build.project
+ end
+
+ def namespace
+ project.namespace
+ end
+
+ def user
+ build.user
+ end
+
+ def source_ref
+ build.pipeline.source_ref
+ end
+
+ def ref_type
+ ::Ci::BuildRunnerPresenter.new(build).ref_type
+ end
+ end
+ end
+end
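Review bot: The token assembled in `reserved_claims` has no `aud` claim, and its `exp` is `now + (ttl || DEFAULT_EXPIRE_TIME)` with `for_build` passing `build.metadata_timeout`, so its lifetime follows the job timeout rather than the five-minute default. Nothing in this file ties validity to the job still running, so a token that ends up in a job log or artifact would be accepted for that whole window by any verifier that trusts this key and checks only the signature and time claims. If an audience cannot be fixed here, the class should at least carry a comment such as `# Bearer token: verifiers must check project_id, ref and ref_protected, not only the signature.` Separately, `attr_reader :build, :ttl, :key_data` declares a reader for `@key_data`, which nothing in this file assigns; `attr_reader :build, :ttl` is enough.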
diff --git a/lib/gitlab/ci/status/bridge/factory.rb b/lib/gitlab/ci/status/bridge/factory.rb
index 910de865483..5d397dba0de 100644
--- a/lib/gitlab/ci/status/bridge/factory.rb
+++ b/lib/gitlab/ci/status/bridge/factory.rb
@@ -5,6 +5,10 @@ module Gitlab
module Status
module Bridge
class Factory < Status::Factory
+ def self.extended_statuses
+ [Status::Bridge::Failed]
+ end
+
def self.common_helpers
Status::Bridge::Common
end
diff --git a/lib/gitlab/ci/status/bridge/failed.rb b/lib/gitlab/ci/status/bridge/failed.rb
new file mode 100644
index 00000000000..de7446c238c
--- /dev/null
+++ b/lib/gitlab/ci/status/bridge/failed.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module Ci
+ module Status
+ module Bridge
+ class Failed < Status::Build::Failed
+ end
+ end
+ end
+ end
+end
diff --git a/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml
index 6b72db951ed..3949b87bbda 100644
--- a/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml
@@ -1,6 +1,6 @@
build:
stage: build
- image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-build-image:v0.2.1"
+ image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-build-image:v0.2.2"
variables:
DOCKER_TLS_CERTDIR: ""
services:
diff --git a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
index c6c8256b4bb..9bf0d31409a 100644
--- a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
@@ -1,5 +1,5 @@
.auto-deploy:
- image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image:v0.12.1"
+ image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image:v0.13.0"
review:
extends: .auto-deploy
diff --git a/lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml b/lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml
index 713b11c4d8f..54a29b04d39 100644
--- a/lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml
@@ -1,6 +1,6 @@
apply:
stage: deploy
- image: "registry.gitlab.com/gitlab-org/cluster-integration/cluster-applications:v0.13.1"
+ image: "registry.gitlab.com/gitlab-org/cluster-integration/cluster-applications:v0.15.0"
environment:
name: production
variables:
@@ -17,6 +17,8 @@ apply:
ELASTIC_STACK_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/elastic-stack/values.yaml
VAULT_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/vault/values.yaml
CROSSPLANE_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/crossplane/values.yaml
+ FLUENTD_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/fluentd/values.yaml
+ KNATIVE_VALUES_FILE: $CI_PROJECT_DIR/.gitlab/managed-apps/knative/values.yaml
script:
- gitlab-managed-apps /usr/local/share/gitlab-managed-apps/helmfile.yaml
only:
diff --git a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
index 717e91b3ae5..0ecf37b37a3 100644
--- a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
@@ -57,6 +57,8 @@ dependency_scanning:
PIP_EXTRA_INDEX_URL \
PIP_REQUIREMENTS_FILE \
MAVEN_CLI_OPTS \
+ GRADLE_CLI_OPTS \
+ SBT_CLI_OPTS \
BUNDLER_AUDIT_UPDATE_DISABLED \
BUNDLER_AUDIT_ADVISORY_DB_URL \
BUNDLER_AUDIT_ADVISORY_DB_REF_NAME \