
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2023-10-19 15:57:54 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2023-10-19 15:57:54 +0300
commit419c53ec62de6e97a517abd5fdd4cbde3a942a34 (patch)
tree1f43a548b46bca8a5fb8fe0c31cef1883d49c5b6 /lib/gitlab/ci
parent1da20d9135b3ad9e75e65b028bffc921aaf8deb7 (diff)
Add latest changes from gitlab-org/gitlab@16-5-stable-eev16.5.0-rc42
Diffstat (limited to 'lib/gitlab/ci')
-rw-r--r--lib/gitlab/ci/build/artifacts/metadata.rb4
-rw-r--r--lib/gitlab/ci/build/context/build.rb10
-rw-r--r--lib/gitlab/ci/build/duration_parser.rb2
-rw-r--r--lib/gitlab/ci/components/instance_path.rb57
-rw-r--r--lib/gitlab/ci/config/entry/artifacts.rb2
-rw-r--r--lib/gitlab/ci/config/entry/job.rb2
-rw-r--r--lib/gitlab/ci/config/external/file/base.rb6
-rw-r--r--lib/gitlab/ci/config/external/file/component.rb18
-rw-r--r--lib/gitlab/ci/config/header/input.rb8
-rw-r--r--lib/gitlab/ci/config/interpolation/block.rb2
-rw-r--r--lib/gitlab/ci/config/interpolation/context.rb23
-rw-r--r--lib/gitlab/ci/config/interpolation/functions/base.rb6
-rw-r--r--lib/gitlab/ci/config/interpolation/functions/expand_vars.rb33
-rw-r--r--lib/gitlab/ci/config/interpolation/functions_stack.rb10
-rw-r--r--lib/gitlab/ci/config/interpolation/inputs/base_input.rb10
-rw-r--r--lib/gitlab/ci/config/interpolation/inputs/string_input.rb18
-rw-r--r--lib/gitlab/ci/config/interpolation/interpolator.rb7
-rw-r--r--lib/gitlab/ci/config/yaml/loader.rb13
-rw-r--r--lib/gitlab/ci/config/yaml/result.rb4
-rw-r--r--lib/gitlab/ci/lint.rb4
-rw-r--r--lib/gitlab/ci/parsers/security/common.rb5
-rw-r--r--lib/gitlab/ci/parsers/test/junit.rb9
-rw-r--r--lib/gitlab/ci/pipeline/chain/skip.rb2
-rw-r--r--lib/gitlab/ci/pipeline/chain/validate/abilities.rb2
-rw-r--r--lib/gitlab/ci/pipeline/expression.rb1
-rw-r--r--lib/gitlab/ci/pipeline/expression/lexeme/and.rb2
-rw-r--r--lib/gitlab/ci/pipeline/expression/lexeme/equals.rb2
-rw-r--r--lib/gitlab/ci/pipeline/expression/lexeme/matches.rb2
-rw-r--r--lib/gitlab/ci/pipeline/expression/lexeme/not_equals.rb2
-rw-r--r--lib/gitlab/ci/pipeline/expression/lexeme/not_matches.rb2
-rw-r--r--lib/gitlab/ci/pipeline/expression/lexeme/null.rb2
-rw-r--r--lib/gitlab/ci/pipeline/expression/lexeme/or.rb2
-rw-r--r--lib/gitlab/ci/pipeline/expression/lexeme/parenthesis_close.rb2
-rw-r--r--lib/gitlab/ci/pipeline/expression/lexeme/parenthesis_open.rb2
-rw-r--r--lib/gitlab/ci/pipeline/expression/lexeme/pattern.rb18
-rw-r--r--lib/gitlab/ci/pipeline/expression/lexeme/pattern/regular_expression.rb37
-rw-r--r--lib/gitlab/ci/pipeline/expression/lexeme/string.rb2
-rw-r--r--lib/gitlab/ci/pipeline/expression/lexeme/variable.rb2
-rw-r--r--lib/gitlab/ci/reports/security/finding.rb4
-rw-r--r--lib/gitlab/ci/status/canceled.rb2
-rw-r--r--lib/gitlab/ci/status/core.rb4
-rw-r--r--lib/gitlab/ci/status/created.rb2
-rw-r--r--lib/gitlab/ci/status/failed.rb2
-rw-r--r--lib/gitlab/ci/status/manual.rb2
-rw-r--r--lib/gitlab/ci/status/pending.rb2
-rw-r--r--lib/gitlab/ci/status/pipeline/blocked.rb2
-rw-r--r--lib/gitlab/ci/status/pipeline/delayed.rb2
-rw-r--r--lib/gitlab/ci/status/preparing.rb2
-rw-r--r--lib/gitlab/ci/status/running.rb4
-rw-r--r--lib/gitlab/ci/status/scheduled.rb2
-rw-r--r--lib/gitlab/ci/status/skipped.rb2
-rw-r--r--lib/gitlab/ci/status/success.rb2
-rw-r--r--lib/gitlab/ci/status/success_warning.rb6
-rw-r--r--lib/gitlab/ci/status/waiting_for_resource.rb6
-rw-r--r--lib/gitlab/ci/templates/Code-Quality.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Cosign.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Docker.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Python.gitlab-ci.yml5
-rw-r--r--lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Security/Container-Scanning.latest.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Security/SAST-IaC.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Security/SAST-IaC.latest.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/trace/section_parser.rb2
-rw-r--r--lib/gitlab/ci/variables/collection/item.rb6
-rw-r--r--lib/gitlab/ci/yaml_processor.rb3
75 files changed, 271 insertions, 160 deletions
diff --git a/lib/gitlab/ci/build/artifacts/metadata.rb b/lib/gitlab/ci/build/artifacts/metadata.rb
index 5748b8e34cf..7d9235ac460 100644
--- a/lib/gitlab/ci/build/artifacts/metadata.rb
+++ b/lib/gitlab/ci/build/artifacts/metadata.rb
@@ -11,8 +11,8 @@ module Gitlab
ParserError = Class.new(StandardError)
InvalidStreamError = Class.new(StandardError)
- VERSION_PATTERN = /^[\w\s]+(\d+\.\d+\.\d+)/.freeze
- INVALID_PATH_PATTERN = %r{(^\.?\.?/)|(/\.?\.?/)}.freeze
+ VERSION_PATTERN = /^[\w\s]+(\d+\.\d+\.\d+)/
+ INVALID_PATH_PATTERN = %r{(^\.?\.?/)|(/\.?\.?/)}
attr_reader :stream, :path, :full_version
diff --git a/lib/gitlab/ci/build/context/build.rb b/lib/gitlab/ci/build/context/build.rb
index 81efbdb297b..48b138b0258 100644
--- a/lib/gitlab/ci/build/context/build.rb
+++ b/lib/gitlab/ci/build/context/build.rb
@@ -30,8 +30,16 @@ module Gitlab
::Ci::Build.new(build_attributes)
end
+ # Assigning tags and needs is slow and they are not needed for rules
+ # evaluation since we don't use them to compute the variables at this point.
def build_attributes
- attributes.merge(pipeline_attributes, ci_stage_attributes)
+ if pipeline.reduced_build_attributes_list_for_rules?
+ attributes
+ .except(:tag_list, :needs_attributes)
+ .merge!(pipeline_attributes, ci_stage_attributes)
+ else
+ attributes.merge(pipeline_attributes, ci_stage_attributes)
+ end
end
def ci_stage_attributes
diff --git a/lib/gitlab/ci/build/duration_parser.rb b/lib/gitlab/ci/build/duration_parser.rb
index 97049a4f876..9385dccd5f3 100644
--- a/lib/gitlab/ci/build/duration_parser.rb
+++ b/lib/gitlab/ci/build/duration_parser.rb
@@ -41,7 +41,7 @@ module Gitlab
def parse
return if never?
- ChronicDuration.parse(value, use_complete_matcher: true)
+ ChronicDuration.parse(value)
end
def validation_cache
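Review bot: With `use_complete_matcher: true` dropped from `ChronicDuration.parse(value)` in `parse`, how strictly a duration string is matched now depends on the library default, which is not visible in this diff. If that default is the looser matcher, values with unparseable trailing text could be accepted where they were rejected before. A spec asserting that a malformed duration still fails would pin the behaviour, and a comment naming the gem version that made complete matching the default would record the assumption. The same change is made to `parsed_timeout` in lib/gitlab/ci/config/entry/job.rb.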
diff --git a/lib/gitlab/ci/components/instance_path.rb b/lib/gitlab/ci/components/instance_path.rb
index 17c784c4d54..551284d9099 100644
--- a/lib/gitlab/ci/components/instance_path.rb
+++ b/lib/gitlab/ci/components/instance_path.rb
@@ -7,19 +7,17 @@ module Gitlab
include Gitlab::Utils::StrongMemoize
LATEST_VERSION_KEYWORD = '~latest'
- TEMPLATES_DIR = 'templates'
def self.match?(address)
address.include?('@') && address.start_with?(Settings.gitlab_ci['component_fqdn'])
end
- attr_reader :host, :project_file_path
+ attr_reader :host
- def initialize(address:, content_filename:)
+ def initialize(address:)
@full_path, @version = address.to_s.split('@', 2)
- @content_filename = content_filename
@host = Settings.gitlab_ci['component_fqdn']
- @project_file_path = nil
+ @component_project = ::Ci::Catalog::ComponentsProject.new(project, sha)
end
def fetch_content!(current_user:)
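Review bot: `initialize` now builds `::Ci::Catalog::ComponentsProject.new(project, sha)` eagerly, so the project lookup and SHA resolution run at construction time, before `fetch_content!` reaches its `Ability.allowed?(current_user, :download_code, project)` check. If `project` resolves to nil for an unknown address, the constructor may raise or hand nil to ComponentsProject, depending on how `sha` is defined (not visible in this hunk). Memoizing it in a private `component_project` method, `@component_project ||= ::Ci::Catalog::ComponentsProject.new(project, sha)`, and calling that from `fetch_content!` keeps the repository work behind the authorization check. `fetch_content!` starts on the last line of this hunk and continues in the next one.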
@@ -28,7 +26,7 @@ module Gitlab
raise Gitlab::Access::AccessDeniedError unless Ability.allowed?(current_user, :download_code, project)
- content(simple_template_path) || content(complex_template_path) || content(legacy_template_path)
+ @component_project.fetch_component(component_name)
end
def project
@@ -46,16 +44,7 @@ module Gitlab
private
- attr_reader :version, :path
-
- def instance_path
- @full_path.delete_prefix(host)
- end
-
- def component_path
- instance_path.delete_prefix(project.full_path).delete_prefix('/')
- end
- strong_memoize_attr :component_path
+ attr_reader :version
# Given a path like "my-org/sub-group/the-project/path/to/component"
# find the project "my-org/sub-group/the-project" by looking at all possible paths.
@@ -65,45 +54,23 @@ module Gitlab
while index = path.rindex('/') # find index of last `/` in a path
possible_paths << (path = path[0..index - 1])
end
-
# remove shortest path as it is group
possible_paths.pop
::Project.where_full_path_in(possible_paths).take # rubocop: disable CodeReuse/ActiveRecord
end
- def latest_version_sha
- project.releases.latest&.sha
- end
-
- # A simple template consists of a single file
- def simple_template_path
- # Extract this line and move to fetch_content once we remove legacy fetching
- return unless templates_dir_exists? && component_path.index('/').nil?
-
- @project_file_path = File.join(TEMPLATES_DIR, "#{component_path}.yml")
- end
-
- # A complex template is directory-based and may consist of multiple files.
- # Given a path like "my-org/sub-group/the-project/templates/component"
- # returns the entry point path: "templates/component/template.yml".
- def complex_template_path
- # Extract this line and move to fetch_content once we remove legacy fetching
- return unless templates_dir_exists? && component_path.index('/').nil?
-
- @project_file_path = File.join(TEMPLATES_DIR, component_path, @content_filename)
- end
-
- def legacy_template_path
- @project_file_path = File.join(component_path, @content_filename).delete_prefix('/')
+ def instance_path
+ @full_path.delete_prefix(host)
end
- def templates_dir_exists?
- project.repository.tree.trees.map(&:name).include?(TEMPLATES_DIR)
+ def component_name
+ instance_path.delete_prefix(project.full_path).delete_prefix('/')
end
+ strong_memoize_attr :component_name
- def content(path)
- project.repository.blob_data_at(sha, path)
+ def latest_version_sha
+ project.releases.latest&.sha
end
end
end
diff --git a/lib/gitlab/ci/config/entry/artifacts.rb b/lib/gitlab/ci/config/entry/artifacts.rb
index 27206d7e3a8..3fd07811daf 100644
--- a/lib/gitlab/ci/config/entry/artifacts.rb
+++ b/lib/gitlab/ci/config/entry/artifacts.rb
@@ -14,7 +14,7 @@ module Gitlab
ALLOWED_WHEN = %w[on_success on_failure always].freeze
ALLOWED_KEYS = %i[name untracked paths reports when expire_in expose_as exclude public].freeze
- EXPOSE_AS_REGEX = /\A\w[-\w ]*\z/.freeze
+ EXPOSE_AS_REGEX = /\A\w[-\w ]*\z/
EXPOSE_AS_ERROR_MESSAGE = "can contain only letters, digits, '-', '_' and spaces"
attributes ALLOWED_KEYS
diff --git a/lib/gitlab/ci/config/entry/job.rb b/lib/gitlab/ci/config/entry/job.rb
index c40d665f320..bf8a99ef45e 100644
--- a/lib/gitlab/ci/config/entry/job.rb
+++ b/lib/gitlab/ci/config/entry/job.rb
@@ -177,7 +177,7 @@ module Gitlab
def parsed_timeout
return unless has_timeout?
- ChronicDuration.parse(timeout.to_s, use_complete_matcher: true)
+ ChronicDuration.parse(timeout.to_s)
end
def ignored?
diff --git a/lib/gitlab/ci/config/external/file/base.rb b/lib/gitlab/ci/config/external/file/base.rb
index efba81c7420..b3c802e5657 100644
--- a/lib/gitlab/ci/config/external/file/base.rb
+++ b/lib/gitlab/ci/config/external/file/base.rb
@@ -10,7 +10,7 @@ module Gitlab
attr_reader :location, :params, :context, :errors
- YAML_WHITELIST_EXTENSION = /.+\.(yml|yaml)$/i.freeze
+ YAML_WHITELIST_EXTENSION = /.+\.(yml|yaml)$/i
def initialize(params, context)
@params = params
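Review bot: `YAML_WHITELIST_EXTENSION` on the changed line still ends in `$`, which in Ruby matches before any newline, so a constructed location such as `a.yml\nb.txt` passes the extension check. Since the line is being touched anyway, anchoring at end of string is the stricter form: `YAML_WHITELIST_EXTENSION = /.+\.(yml|yaml)\z/i`. Whether a multi-line location can reach this check depends on validation outside the hunk.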
@@ -114,7 +114,9 @@ module Gitlab
def content_result
context.logger.instrument(:config_file_fetch_content_hash) do
- ::Gitlab::Ci::Config::Yaml::Loader.new(content, inputs: content_inputs).load
+ ::Gitlab::Ci::Config::Yaml::Loader.new(
+ content, inputs: content_inputs, variables: context.variables
+ ).load
end
end
strong_memoize_attr :content_result
diff --git a/lib/gitlab/ci/config/external/file/component.rb b/lib/gitlab/ci/config/external/file/component.rb
index de6de1bb7a8..03063e76dde 100644
--- a/lib/gitlab/ci/config/external/file/component.rb
+++ b/lib/gitlab/ci/config/external/file/component.rb
@@ -20,7 +20,7 @@ module Gitlab
::Gitlab::UsageDataCounters::HLLRedisCounter.track_event('cicd_component_usage', values: context.user.id)
- component_result.payload.fetch(:content)
+ component_payload.fetch(:content)
end
strong_memoize_attr :content
@@ -65,30 +65,30 @@ module Gitlab
override :expand_context_attrs
def expand_context_attrs
{
- project: component_path.project,
- sha: component_path.sha,
+ project: component_payload.fetch(:project),
+ sha: component_payload.fetch(:sha),
user: context.user,
variables: context.variables
}
end
def masked_blob
- return unless component_path
+ return unless component_payload
context.mask_variables_from(
Gitlab::Routing.url_helpers.project_blob_url(
- component_path.project,
- ::File.join(component_path.sha, component_path.project_file_path))
+ component_payload.fetch(:project),
+ ::File.join(component_payload.fetch(:sha), component_payload.fetch(:path)))
)
end
strong_memoize_attr :masked_blob
- def component_path
+ def component_payload
return unless component_result.success?
- component_result.payload.fetch(:path)
+ component_result.payload
end
- strong_memoize_attr :component_path
+ strong_memoize_attr :component_payload
end
end
end
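Review bot: `expand_context_attrs` calls `component_payload.fetch(:project)` and `component_payload.fetch(:sha)` without the `return unless component_payload` guard that `masked_blob` has, yet `component_payload` returns nil whenever `component_result.success?` is false. The old `component_path.project` had the same exposure, so this is not a regression. Still, a failed component lookup would surface as a NoMethodError rather than a validation error if this method is reached on that path. Either guard it the same way or add a comment stating that it is only called after the file has validated. `content` in the previous hunk has the same shape, and its beginning is outside that hunk.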
diff --git a/lib/gitlab/ci/config/header/input.rb b/lib/gitlab/ci/config/header/input.rb
index 76a89a3080e..dcb96006459 100644
--- a/lib/gitlab/ci/config/header/input.rb
+++ b/lib/gitlab/ci/config/header/input.rb
@@ -11,12 +11,16 @@ module Gitlab
include ::Gitlab::Config::Entry::Validatable
include ::Gitlab::Config::Entry::Attributable
- attributes :default, :type, prefix: :input
+ ALLOWED_KEYS = %i[default description regex type].freeze
+
+ attributes ALLOWED_KEYS, prefix: :input
validations do
- validates :config, type: Hash, allowed_keys: [:default, :type]
+ validates :config, type: Hash, allowed_keys: ALLOWED_KEYS
validates :key, alphanumeric: true
validates :input_default, alphanumeric: true, allow_nil: true
+ validates :input_description, alphanumeric: true, allow_nil: true
+ validates :input_regex, type: String, allow_nil: true
validates :input_type, allow_nil: true, allowed_values: Interpolation::Inputs.input_types
end
end
diff --git a/lib/gitlab/ci/config/interpolation/block.rb b/lib/gitlab/ci/config/interpolation/block.rb
index cf8420f924e..aec19299e86 100644
--- a/lib/gitlab/ci/config/interpolation/block.rb
+++ b/lib/gitlab/ci/config/interpolation/block.rb
@@ -62,7 +62,7 @@ module Gitlab
return @errors.concat(access.errors) unless access.valid?
return @errors.push('too many functions in interpolation block') if functions.count > MAX_FUNCTIONS
- result = Interpolation::FunctionsStack.new(functions).evaluate(access.value)
+ result = Interpolation::FunctionsStack.new(functions, ctx).evaluate(access.value)
if result.success?
@value = result.value
diff --git a/lib/gitlab/ci/config/interpolation/context.rb b/lib/gitlab/ci/config/interpolation/context.rb
index f5e7db03291..19ea619f7da 100644
--- a/lib/gitlab/ci/config/interpolation/context.rb
+++ b/lib/gitlab/ci/config/interpolation/context.rb
@@ -14,8 +14,11 @@ module Gitlab
MAX_DEPTH = 3
- def initialize(hash)
- @context = hash
+ attr_reader :variables
+
+ def initialize(data, variables: [])
+ @data = data
+ @variables = Ci::Variables::Collection.fabricate(variables)
raise ContextTooComplexError if depth > MAX_DEPTH
end
@@ -32,25 +35,25 @@ module Gitlab
end
def depth
- deep_depth(@context)
+ deep_depth(@data)
end
def fetch(field)
- @context.fetch(field)
+ @data.fetch(field)
end
def key?(name)
- @context.key?(name)
+ @data.key?(name)
end
def to_h
- @context.to_h
+ @data.to_h
end
private
- def deep_depth(context, depth = 0)
- values = context.values.map do |value|
+ def deep_depth(data, depth = 0)
+ values = data.values.map do |value|
if value.is_a?(Hash)
deep_depth(value, depth + 1)
else
@@ -61,10 +64,10 @@ module Gitlab
values.max.to_i
end
- def self.fabricate(context)
+ def self.fabricate(context, variables: [])
case context
when Hash
- new(context)
+ new(context, variables: variables)
when Interpolation::Context
context
else
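Review bot: `self.fabricate` accepts `variables:` but ignores it in the `when Interpolation::Context` branch, which returns the existing context unchanged. A caller that passes an already-built context together with variables gets a context whose `variables` is whatever it was built with, and no error signals that the argument was dropped. If that is intended, say so above the method, e.g. `# variables: is only used when a Hash is given; an existing Context keeps its own`. The method's `else` branch continues outside the hunk.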
diff --git a/lib/gitlab/ci/config/interpolation/functions/base.rb b/lib/gitlab/ci/config/interpolation/functions/base.rb
index b9ce8cdc5bc..b04152a1558 100644
--- a/lib/gitlab/ci/config/interpolation/functions/base.rb
+++ b/lib/gitlab/ci/config/interpolation/functions/base.rb
@@ -20,9 +20,10 @@ module Gitlab
function_expression_pattern.match?(function_expression)
end
- def initialize(function_expression)
+ def initialize(function_expression, ctx)
@errors = []
@function_args = parse_args(function_expression)
+ @ctx = ctx
end
def valid?
@@ -35,10 +36,11 @@ module Gitlab
private
- attr_reader :function_args
+ attr_reader :function_args, :ctx
def error(message)
errors << "error in `#{self.class.name}` function: #{message}"
+ nil
end
def parse_args(function_expression)
diff --git a/lib/gitlab/ci/config/interpolation/functions/expand_vars.rb b/lib/gitlab/ci/config/interpolation/functions/expand_vars.rb
new file mode 100644
index 00000000000..658964018b5
--- /dev/null
+++ b/lib/gitlab/ci/config/interpolation/functions/expand_vars.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module Ci
+ class Config
+ module Interpolation
+ module Functions
+ class ExpandVars < Base
+ def self.function_expression_pattern
+ /^#{name}$/
+ end
+
+ def self.name
+ 'expand_vars'
+ end
+
+ def execute(input_value)
+ unless input_value.is_a?(String)
+ error("invalid input type: #{self.class.name} can only be used with string inputs")
+ return
+ end
+
+ ExpandVariables.expand_existing(input_value, ctx.variables, fail_on_masked: true)
+ rescue ExpandVariables::VariableExpansionError => e
+ error("variable expansion error: #{e.message}")
+ nil
+ end
+ end
+ end
+ end
+ end
+ end
+end
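Review bot: `function_expression_pattern` returns `/^#{name}$/`, and `^`/`$` are line anchors in Ruby, so a multi-line function expression with `expand_vars` on one of its lines would match; `/\A#{name}\z/` pins the whole string. Whether a newline can reach `matches?` depends on the block parser, which is not in this diff, and the sibling functions may share the convention. In `execute`, the bare `return` after `error(...)` and the trailing `nil` in the `rescue` are redundant now that `Base#error` returns nil. A one-line comment on `fail_on_masked: true` saying why expansion must fail on masked variables would help the next reader.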
diff --git a/lib/gitlab/ci/config/interpolation/functions_stack.rb b/lib/gitlab/ci/config/interpolation/functions_stack.rb
index 951d1121d4f..4cb3e67b3e3 100644
--- a/lib/gitlab/ci/config/interpolation/functions_stack.rb
+++ b/lib/gitlab/ci/config/interpolation/functions_stack.rb
@@ -16,12 +16,14 @@ module Gitlab
end
FUNCTIONS = [
- Functions::Truncate
+ Functions::Truncate,
+ Functions::ExpandVars
].freeze
attr_reader :errors
- def initialize(function_expressions)
+ def initialize(function_expressions, ctx)
+ @ctx = ctx
@errors = []
@functions = build_stack(function_expressions)
end
@@ -48,14 +50,14 @@ module Gitlab
private
- attr_reader :functions
+ attr_reader :functions, :ctx
def build_stack(function_expressions)
function_expressions.map do |function_expression|
matching_function = FUNCTIONS.find { |function| function.matches?(function_expression) }
if matching_function.present?
- matching_function.new(function_expression)
+ matching_function.new(function_expression, ctx)
else
message = "no function matching `#{function_expression}`: " \
'check that the function name, arguments, and types are correct'
diff --git a/lib/gitlab/ci/config/interpolation/inputs/base_input.rb b/lib/gitlab/ci/config/interpolation/inputs/base_input.rb
index 5648c4d31ea..ba519776635 100644
--- a/lib/gitlab/ci/config/interpolation/inputs/base_input.rb
+++ b/lib/gitlab/ci/config/interpolation/inputs/base_input.rb
@@ -62,7 +62,15 @@ module Gitlab
end
# validate provided value
- error("provided value is not a #{self.class.type_name}") unless valid_value?(actual_value)
+ return error("provided value is not a #{self.class.type_name}") unless valid_value?(actual_value)
+
+ validate_regex!
+ end
+
+ def validate_regex!
+ return unless spec.key?(:regex)
+
+ error('RegEx validation can only be used with string inputs')
end
def error(message)
diff --git a/lib/gitlab/ci/config/interpolation/inputs/string_input.rb b/lib/gitlab/ci/config/interpolation/inputs/string_input.rb
index 39870582d0c..3f40e851f11 100644
--- a/lib/gitlab/ci/config/interpolation/inputs/string_input.rb
+++ b/lib/gitlab/ci/config/interpolation/inputs/string_input.rb
@@ -25,6 +25,24 @@ module Gitlab
def valid_value?(value)
value.nil? || value.is_a?(String)
end
+
+ private
+
+ def validate_regex!
+ return unless spec.key?(:regex)
+
+ safe_regex = ::Gitlab::UntrustedRegexp.new(spec[:regex])
+
+ return if safe_regex.match?(actual_value)
+
+ if value.nil?
+ error('default value does not match required RegEx pattern')
+ else
+ error('provided value does not match required RegEx pattern')
+ end
+ rescue RegexpError
+ error('invalid regular expression')
+ end
end
end
end
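Review bot: `validate_regex!` accepts the value when `safe_regex.match?(actual_value)` is true, which for a typical regex API is a partial match. Unless `UntrustedRegexp` anchors implicitly (not visible here), a spec author who writes a constructed pattern like `regex: [a-z]+` as an allow-list would also admit values that merely contain a lowercase run. Because inputs are interpolated into CI configuration, either document that patterns must carry their own anchors or require a full match. Separately, the error branch tests `value.nil?` while the match uses `actual_value`; a short comment that `value` is presumably the caller-provided input, with nil meaning the default was used, would make the two error messages easier to follow.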
diff --git a/lib/gitlab/ci/config/interpolation/interpolator.rb b/lib/gitlab/ci/config/interpolation/interpolator.rb
index 95c419d7427..5b21b777c1d 100644
--- a/lib/gitlab/ci/config/interpolation/interpolator.rb
+++ b/lib/gitlab/ci/config/interpolation/interpolator.rb
@@ -8,11 +8,12 @@ module Gitlab
# Performs CI config file interpolation, and surfaces all possible interpolation errors.
#
class Interpolator
- attr_reader :config, :args, :errors
+ attr_reader :config, :args, :variables, :errors
- def initialize(config, args)
+ def initialize(config, args, variables)
@config = config
@args = args.to_h
+ @variables = variables
@errors = []
@interpolated = false
end
@@ -86,7 +87,7 @@ module Gitlab
end
def context
- @context ||= Context.new({ inputs: inputs.to_hash })
+ @context ||= Context.new({ inputs: inputs.to_hash }, variables: variables)
end
def template
diff --git a/lib/gitlab/ci/config/yaml/loader.rb b/lib/gitlab/ci/config/yaml/loader.rb
index 5d56061a8bb..1e9ac2b3dd5 100644
--- a/lib/gitlab/ci/config/yaml/loader.rb
+++ b/lib/gitlab/ci/config/yaml/loader.rb
@@ -10,9 +10,10 @@ module Gitlab
AVAILABLE_TAGS = [Config::Yaml::Tags::Reference].freeze
MAX_DOCUMENTS = 2
- def initialize(content, inputs: {})
+ def initialize(content, inputs: {}, variables: [])
@content = content
@inputs = inputs
+ @variables = variables
end
def load
@@ -20,7 +21,7 @@ module Gitlab
return yaml_result unless yaml_result.valid?
- interpolator = Interpolation::Interpolator.new(yaml_result, inputs)
+ interpolator = Interpolation::Interpolator.new(yaml_result, inputs, variables)
interpolator.interpolate!
@@ -32,16 +33,16 @@ module Gitlab
end
end
- private
-
- attr_reader :content, :inputs
-
def load_uninterpolated_yaml
Yaml::Result.new(config: load_yaml!, error: nil)
rescue ::Gitlab::Config::Loader::FormatError => e
Yaml::Result.new(error: e.message, error_class: e)
end
+ private
+
+ attr_reader :content, :inputs, :variables
+
def load_yaml!
ensure_custom_tags
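Review bot: Moving `private` below `load_uninterpolated_yaml` makes it part of the Loader's public interface, but nothing in the hunk says why or who calls it. Its result has not gone through the interpolator, so inputs and functions are still raw template text. A comment such as `# Public: returns the parsed YAML before interpolation; callers must not treat it as final config` would keep later callers from using it in place of `load`. `load_yaml!` continues outside the hunk.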
diff --git a/lib/gitlab/ci/config/yaml/result.rb b/lib/gitlab/ci/config/yaml/result.rb
index a68cfde6653..0e7e9230467 100644
--- a/lib/gitlab/ci/config/yaml/result.rb
+++ b/lib/gitlab/ci/config/yaml/result.rb
@@ -39,6 +39,10 @@ module Gitlab
@config.first || {}
end
+
+ def inputs
+ (has_header? && header[:spec][:inputs]) || {}
+ end
end
end
end
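Review bot: `inputs` dereferences `header[:spec][:inputs]` after checking only `has_header?`, so a header whose `spec` key is present but nil would raise NoMethodError on `nil[:inputs]` if `has_header?` tests key presence rather than value (its definition is outside the hunk). The header comes from user-authored YAML, so the nil case is reachable in principle. `(has_header? && header.dig(:spec, :inputs)) || {}` returns the empty hash instead.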
diff --git a/lib/gitlab/ci/lint.rb b/lib/gitlab/ci/lint.rb
index 54861e2769e..f213bc83d90 100644
--- a/lib/gitlab/ci/lint.rb
+++ b/lib/gitlab/ci/lint.rb
@@ -25,12 +25,12 @@ module Gitlab
LOG_MAX_DURATION_THRESHOLD = 2.seconds
- def initialize(project:, current_user:, sha: nil)
+ def initialize(project:, current_user:, sha: nil, verify_project_sha: true)
@project = project
@current_user = current_user
# If the `sha` is not provided, the default is the project's head commit (or nil). In such case, we
# don't need to call `YamlProcessor.verify_project_sha!`, which prevents redundant calls to Gitaly.
- @verify_project_sha = sha.present?
+ @verify_project_sha = verify_project_sha && sha.present?
@sha = sha || project&.repository&.commit&.sha
end
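Review bot: The new `verify_project_sha: false` option lets a caller skip `YamlProcessor.verify_project_sha!` even when a `sha` is supplied, and the existing comment only explains the skip for a missing `sha`. Going by its name, that check is what ties a caller-supplied SHA to the project, so the opt-out should be documented with the condition under which it is safe. For example: `# verify_project_sha: pass false only when the caller has already established that sha belongs to project`. Which callers pass false cannot be seen from this hunk.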
diff --git a/lib/gitlab/ci/parsers/security/common.rb b/lib/gitlab/ci/parsers/security/common.rb
index ee1da82f285..9032faa66d4 100644
--- a/lib/gitlab/ci/parsers/security/common.rb
+++ b/lib/gitlab/ci/parsers/security/common.rb
@@ -140,7 +140,10 @@ module Gitlab
signatures: signatures,
project_id: @project.id,
found_by_pipeline: report.pipeline,
- vulnerability_finding_signatures_enabled: @signatures_enabled))
+ vulnerability_finding_signatures_enabled: @signatures_enabled,
+ cvss: data['cvss'] || []
+ )
+ )
end
def create_signatures(tracking)
diff --git a/lib/gitlab/ci/parsers/test/junit.rb b/lib/gitlab/ci/parsers/test/junit.rb
index d95ecff85cd..5b8abccc6d4 100644
--- a/lib/gitlab/ci/parsers/test/junit.rb
+++ b/lib/gitlab/ci/parsers/test/junit.rb
@@ -6,7 +6,7 @@ module Gitlab
module Test
class Junit
JunitParserError = Class.new(Gitlab::Ci::Parsers::ParserError)
- ATTACHMENT_TAG_REGEX = /\[\[ATTACHMENT\|(?<path>.+?)\]\]/.freeze
+ ATTACHMENT_TAG_REGEX = /\[\[ATTACHMENT\|(?<path>.+?)\]\]/
def parse!(xml_data, test_report, job:)
test_suite = test_report.get_suite(job.test_suite_name)
@@ -64,13 +64,16 @@ module Gitlab
end
def create_test_case(data, test_suite, job)
+ system_out = data.key?('system_out') ? "System Out:\n\n#{data['system_out']}" : nil
+ system_err = data.key?('system_err') ? "System Err:\n\n#{data['system_err']}" : nil
+
if data.key?('failure')
status = ::Gitlab::Ci::Reports::TestCase::STATUS_FAILED
- system_output = data['failure'] || data['system_err']
+ system_output = [data['failure'], system_out, system_err].compact.join("\n\n")
attachment = attachment_path(data['system_out'])
elsif data.key?('error')
status = ::Gitlab::Ci::Reports::TestCase::STATUS_ERROR
- system_output = data['error'] || data['system_err']
+ system_output = [data['error'], system_out, system_err].compact.join("\n\n")
attachment = attachment_path(data['system_out'])
elsif data.key?('skipped')
status = ::Gitlab::Ci::Reports::TestCase::STATUS_SKIPPED
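Review bot: `system_out` and `system_err` are built with `data.key?(...)`, so an element that is present but empty yields a dangling `System Out:` header with nothing under it in `system_output`; `data['system_out'].present?` would skip it. The failure and error branches now append the test case's full stdout and stderr to the stored output, and that text comes from job-produced XML. It is worth confirming that a size limit is applied downstream, since none is visible in this hunk. `create_test_case` continues past the end of the hunk.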
diff --git a/lib/gitlab/ci/pipeline/chain/skip.rb b/lib/gitlab/ci/pipeline/chain/skip.rb
index 76dfb4cbd87..152ea700eb7 100644
--- a/lib/gitlab/ci/pipeline/chain/skip.rb
+++ b/lib/gitlab/ci/pipeline/chain/skip.rb
@@ -7,7 +7,7 @@ module Gitlab
class Skip < Chain::Base
include ::Gitlab::Utils::StrongMemoize
- SKIP_PATTERN = /\[(ci[ _-]skip|skip[ _-]ci)\]/i.freeze
+ SKIP_PATTERN = /\[(ci[ _-]skip|skip[ _-]ci)\]/i
def perform!
if skipped?
diff --git a/lib/gitlab/ci/pipeline/chain/validate/abilities.rb b/lib/gitlab/ci/pipeline/chain/validate/abilities.rb
index 1939b1ff395..c89f9933616 100644
--- a/lib/gitlab/ci/pipeline/chain/validate/abilities.rb
+++ b/lib/gitlab/ci/pipeline/chain/validate/abilities.rb
@@ -19,7 +19,7 @@ module Gitlab
end
if project.import_in_progress?
- return error('Import in progress')
+ return error('You cannot run pipelines before project import is complete.')
end
unless allowed_to_create_pipeline?
diff --git a/lib/gitlab/ci/pipeline/expression.rb b/lib/gitlab/ci/pipeline/expression.rb
index 61d392121d8..a7b82395b6d 100644
--- a/lib/gitlab/ci/pipeline/expression.rb
+++ b/lib/gitlab/ci/pipeline/expression.rb
@@ -5,7 +5,6 @@ module Gitlab
module Pipeline
module Expression
ExpressionError = Class.new(StandardError)
- RuntimeError = Class.new(ExpressionError)
end
end
end
diff --git a/lib/gitlab/ci/pipeline/expression/lexeme/and.rb b/lib/gitlab/ci/pipeline/expression/lexeme/and.rb
index 422735bd104..70d439e2d20 100644
--- a/lib/gitlab/ci/pipeline/expression/lexeme/and.rb
+++ b/lib/gitlab/ci/pipeline/expression/lexeme/and.rb
@@ -6,7 +6,7 @@ module Gitlab
module Expression
module Lexeme
class And < Lexeme::LogicalOperator
- PATTERN = /&&/.freeze
+ PATTERN = /&&/
def evaluate(variables = {})
@left.evaluate(variables) && @right.evaluate(variables)
diff --git a/lib/gitlab/ci/pipeline/expression/lexeme/equals.rb b/lib/gitlab/ci/pipeline/expression/lexeme/equals.rb
index d35be12c996..9a45105eeaf 100644
--- a/lib/gitlab/ci/pipeline/expression/lexeme/equals.rb
+++ b/lib/gitlab/ci/pipeline/expression/lexeme/equals.rb
@@ -6,7 +6,7 @@ module Gitlab
module Expression
module Lexeme
class Equals < Lexeme::LogicalOperator
- PATTERN = /==/.freeze
+ PATTERN = /==/
def evaluate(variables = {})
@left.evaluate(variables) == @right.evaluate(variables)
diff --git a/lib/gitlab/ci/pipeline/expression/lexeme/matches.rb b/lib/gitlab/ci/pipeline/expression/lexeme/matches.rb
index c4f06c4686d..35e08776820 100644
--- a/lib/gitlab/ci/pipeline/expression/lexeme/matches.rb
+++ b/lib/gitlab/ci/pipeline/expression/lexeme/matches.rb
@@ -6,7 +6,7 @@ module Gitlab
module Expression
module Lexeme
class Matches < Lexeme::LogicalOperator
- PATTERN = /=~/.freeze
+ PATTERN = /=~/
def evaluate(variables = {})
text = @left.evaluate(variables)
diff --git a/lib/gitlab/ci/pipeline/expression/lexeme/not_equals.rb b/lib/gitlab/ci/pipeline/expression/lexeme/not_equals.rb
index 64485a7e6b3..54ae3b0c369 100644
--- a/lib/gitlab/ci/pipeline/expression/lexeme/not_equals.rb
+++ b/lib/gitlab/ci/pipeline/expression/lexeme/not_equals.rb
@@ -6,7 +6,7 @@ module Gitlab
module Expression
module Lexeme
class NotEquals < Lexeme::LogicalOperator
- PATTERN = /!=/.freeze
+ PATTERN = /!=/
def evaluate(variables = {})
@left.evaluate(variables) != @right.evaluate(variables)
diff --git a/lib/gitlab/ci/pipeline/expression/lexeme/not_matches.rb b/lib/gitlab/ci/pipeline/expression/lexeme/not_matches.rb
index 99d9206da74..4cd9e3f3572 100644
--- a/lib/gitlab/ci/pipeline/expression/lexeme/not_matches.rb
+++ b/lib/gitlab/ci/pipeline/expression/lexeme/not_matches.rb
@@ -6,7 +6,7 @@ module Gitlab
module Expression
module Lexeme
class NotMatches < Lexeme::LogicalOperator
- PATTERN = /\!~/.freeze
+ PATTERN = /\!~/
def evaluate(variables = {})
text = @left.evaluate(variables)
diff --git a/lib/gitlab/ci/pipeline/expression/lexeme/null.rb b/lib/gitlab/ci/pipeline/expression/lexeme/null.rb
index e7f7945532b..89b7e0b102e 100644
--- a/lib/gitlab/ci/pipeline/expression/lexeme/null.rb
+++ b/lib/gitlab/ci/pipeline/expression/lexeme/null.rb
@@ -6,7 +6,7 @@ module Gitlab
module Expression
module Lexeme
class Null < Lexeme::Value
- PATTERN = /null/.freeze
+ PATTERN = /null/
def initialize(value = nil)
super
diff --git a/lib/gitlab/ci/pipeline/expression/lexeme/or.rb b/lib/gitlab/ci/pipeline/expression/lexeme/or.rb
index c7d653ac859..1a7b619c49c 100644
--- a/lib/gitlab/ci/pipeline/expression/lexeme/or.rb
+++ b/lib/gitlab/ci/pipeline/expression/lexeme/or.rb
@@ -6,7 +6,7 @@ module Gitlab
module Expression
module Lexeme
class Or < Lexeme::LogicalOperator
- PATTERN = /\|\|/.freeze
+ PATTERN = /\|\|/
def evaluate(variables = {})
@left.evaluate(variables) || @right.evaluate(variables)
diff --git a/lib/gitlab/ci/pipeline/expression/lexeme/parenthesis_close.rb b/lib/gitlab/ci/pipeline/expression/lexeme/parenthesis_close.rb
index b0ca26c9f5d..29b5e47a65f 100644
--- a/lib/gitlab/ci/pipeline/expression/lexeme/parenthesis_close.rb
+++ b/lib/gitlab/ci/pipeline/expression/lexeme/parenthesis_close.rb
@@ -6,7 +6,7 @@ module Gitlab
module Expression
module Lexeme
class ParenthesisClose < Lexeme::Operator
- PATTERN = /\)/.freeze
+ PATTERN = /\)/
def self.type
:parenthesis_close
diff --git a/lib/gitlab/ci/pipeline/expression/lexeme/parenthesis_open.rb b/lib/gitlab/ci/pipeline/expression/lexeme/parenthesis_open.rb
index 924fe0663ab..80f92609154 100644
--- a/lib/gitlab/ci/pipeline/expression/lexeme/parenthesis_open.rb
+++ b/lib/gitlab/ci/pipeline/expression/lexeme/parenthesis_open.rb
@@ -6,7 +6,7 @@ module Gitlab
module Expression
module Lexeme
class ParenthesisOpen < Lexeme::Operator
- PATTERN = /\(/.freeze
+ PATTERN = /\(/
def self.type
:parenthesis_open
diff --git a/lib/gitlab/ci/pipeline/expression/lexeme/pattern.rb b/lib/gitlab/ci/pipeline/expression/lexeme/pattern.rb
index cd4106b16bb..17fe82b2236 100644
--- a/lib/gitlab/ci/pipeline/expression/lexeme/pattern.rb
+++ b/lib/gitlab/ci/pipeline/expression/lexeme/pattern.rb
@@ -5,23 +5,17 @@ module Gitlab
module Pipeline
module Expression
module Lexeme
- require_dependency 're2'
-
class Pattern < Lexeme::Value
- PATTERN = %r{^\/([^\/]|\\/)+[^\\]\/[ismU]*}.freeze
+ PATTERN = %r{^\/([^\/]|\\/)+[^\\]\/[ismU]*}
def initialize(regexp)
super(regexp.gsub(%r{\\/}, '/'))
- unless Gitlab::UntrustedRegexp::RubySyntax.valid?(@value)
- raise Lexer::SyntaxError, 'Invalid regular expression!'
- end
+ raise Lexer::SyntaxError, 'Invalid regular expression!' unless cached_regexp.valid?
end
def evaluate(variables = {})
- Gitlab::UntrustedRegexp::RubySyntax.fabricate!(@value)
- rescue RegexpError
- raise Expression::RuntimeError, 'Invalid regular expression!'
+ cached_regexp.expression
end
def inspect
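Review bot: `evaluate` no longer translates `RegexpError` into `Expression::RuntimeError`, so it now relies on `initialize` having already compiled the pattern through `cached_regexp.valid?`, and nothing in the method says so. The invariant looks sound as long as every instance is built through `initialize` and the compiled value stays memoized, but it is implicit. Since the pattern is handled as untrusted (it is compiled through `Gitlab::UntrustedRegexp`), I would add a comment above the call, such as `# initialize has already compiled and validated @value, so no RegexpError is expected here`. The class body continues outside this hunk.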
@@ -47,6 +41,12 @@ module Gitlab
new_pattern.evaluate(variables)
end
+
+ private
+
+ def cached_regexp
+ @cached_regexp ||= RegularExpression.new(@value)
+ end
end
end
end
diff --git a/lib/gitlab/ci/pipeline/expression/lexeme/pattern/regular_expression.rb b/lib/gitlab/ci/pipeline/expression/lexeme/pattern/regular_expression.rb
new file mode 100644
index 00000000000..5b771abf4ba
--- /dev/null
+++ b/lib/gitlab/ci/pipeline/expression/lexeme/pattern/regular_expression.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module Ci
+ module Pipeline
+ module Expression
+ module Lexeme
+ class Pattern
+ require_dependency 're2'
+ class RegularExpression
+ include Gitlab::Utils::StrongMemoize
+
+ attr_reader :value
+
+ def initialize(value)
+ @value = value
+ end
+
+ def expression
+ Gitlab::SafeRequestStore.fetch("#{self.class}#unsafe_regexp:#{value}") do
+ Gitlab::UntrustedRegexp::RubySyntax.fabricate!(value)
+ end
+ end
+ strong_memoize_attr :expression
+
+ def valid?
+ !!expression
+ rescue RegexpError
+ false
+ end
+ end
+ end
+ end
+ end
+ end
+ end
+end
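Review bot: `RegularExpression` has no class comment, although `expression` stores a compiled regexp in `Gitlab::SafeRequestStore` under a key built from the raw pattern text, and a maintainer should be able to see that this is deliberate. I would document it above the class, for example `# Compiles an untrusted CI pattern with Gitlab::UntrustedRegexp and caches the result per request, keyed by the pattern text.` The file also reopens `class Pattern` without `< Lexeme::Value`; if it were ever loaded before pattern.rb, the later definition there would fail with a superclass mismatch, so writing `class Pattern < Lexeme::Value` here would remove that load-order dependency. `valid?` rescues only `RegexpError`, which is presumably the only error `fabricate!` raises for bad input; that is worth confirming.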
diff --git a/lib/gitlab/ci/pipeline/expression/lexeme/string.rb b/lib/gitlab/ci/pipeline/expression/lexeme/string.rb
index 798cea34db6..c43150125b7 100644
--- a/lib/gitlab/ci/pipeline/expression/lexeme/string.rb
+++ b/lib/gitlab/ci/pipeline/expression/lexeme/string.rb
@@ -6,7 +6,7 @@ module Gitlab
module Expression
module Lexeme
class String < Lexeme::Value
- PATTERN = /("(?<string>.*?)")|('(?<string>.*?)')/.freeze
+ PATTERN = /("(?<string>.*?)")|('(?<string>.*?)')/
def evaluate(variables = {})
@value.to_s
diff --git a/lib/gitlab/ci/pipeline/expression/lexeme/variable.rb b/lib/gitlab/ci/pipeline/expression/lexeme/variable.rb
index 6da88fd287e..2ecd50d32e4 100644
--- a/lib/gitlab/ci/pipeline/expression/lexeme/variable.rb
+++ b/lib/gitlab/ci/pipeline/expression/lexeme/variable.rb
@@ -6,7 +6,7 @@ module Gitlab
module Expression
module Lexeme
class Variable < Lexeme::Value
- PATTERN = /\$(?<name>\w+)/.freeze
+ PATTERN = /\$(?<name>\w+)/
def evaluate(variables = {})
unless variables.is_a?(ActiveSupport::HashWithIndifferentAccess)
diff --git a/lib/gitlab/ci/reports/security/finding.rb b/lib/gitlab/ci/reports/security/finding.rb
index d439149158a..fa8494483d3 100644
--- a/lib/gitlab/ci/reports/security/finding.rb
+++ b/lib/gitlab/ci/reports/security/finding.rb
@@ -30,12 +30,13 @@ module Gitlab
attr_reader :project_id
attr_reader :original_data
attr_reader :found_by_pipeline
+ attr_reader :cvss
delegate :file_path, :start_line, :end_line, to: :location
alias_method :cve, :compare_key
- def initialize(compare_key:, identifiers:, flags: [], links: [], remediations: [], location:, evidence:, metadata_version:, name:, original_data:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false, found_by_pipeline: nil) # rubocop:disable Metrics/ParameterLists
+ def initialize(compare_key:, identifiers:, flags: [], links: [], remediations: [], location:, evidence:, metadata_version:, name:, original_data:, report_type:, scanner:, scan:, uuid:, confidence: nil, severity: nil, details: {}, signatures: [], project_id: nil, vulnerability_finding_signatures_enabled: false, found_by_pipeline: nil, cvss: []) # rubocop:disable Metrics/ParameterLists
@compare_key = compare_key
@confidence = confidence
@identifiers = identifiers
@@ -57,6 +58,7 @@ module Gitlab
@project_id = project_id
@vulnerability_finding_signatures_enabled = vulnerability_finding_signatures_enabled
@found_by_pipeline = found_by_pipeline
+ @cvss = cvss
@project_fingerprint = generate_project_fingerprint
end
diff --git a/lib/gitlab/ci/status/canceled.rb b/lib/gitlab/ci/status/canceled.rb
index f173964b36c..a3376692570 100644
--- a/lib/gitlab/ci/status/canceled.rb
+++ b/lib/gitlab/ci/status/canceled.rb
@@ -5,7 +5,7 @@ module Gitlab
module Status
class Canceled < Status::Core
def text
- s_('CiStatusText|canceled')
+ s_('CiStatusText|Canceled')
end
def label
diff --git a/lib/gitlab/ci/status/core.rb b/lib/gitlab/ci/status/core.rb
index f60f5243666..c5306de830b 100644
--- a/lib/gitlab/ci/status/core.rb
+++ b/lib/gitlab/ci/status/core.rb
@@ -38,6 +38,10 @@ module Gitlab
raise NotImplementedError
end
+ def name
+ self.class.name.demodulize.underscore.upcase
+ end
+
def group
self.class.name.demodulize.underscore
end
diff --git a/lib/gitlab/ci/status/created.rb b/lib/gitlab/ci/status/created.rb
index 33e67314d93..9ad4b2f079e 100644
--- a/lib/gitlab/ci/status/created.rb
+++ b/lib/gitlab/ci/status/created.rb
@@ -5,7 +5,7 @@ module Gitlab
module Status
class Created < Status::Core
def text
- s_('CiStatusText|created')
+ s_('CiStatusText|Created')
end
def label
diff --git a/lib/gitlab/ci/status/failed.rb b/lib/gitlab/ci/status/failed.rb
index 215d27734a7..cb498f72ffe 100644
--- a/lib/gitlab/ci/status/failed.rb
+++ b/lib/gitlab/ci/status/failed.rb
@@ -5,7 +5,7 @@ module Gitlab
module Status
class Failed < Status::Core
def text
- s_('CiStatusText|failed')
+ s_('CiStatusText|Failed')
end
def label
diff --git a/lib/gitlab/ci/status/manual.rb b/lib/gitlab/ci/status/manual.rb
index eb376df5f22..02e65dd1f4c 100644
--- a/lib/gitlab/ci/status/manual.rb
+++ b/lib/gitlab/ci/status/manual.rb
@@ -5,7 +5,7 @@ module Gitlab
module Status
class Manual < Status::Core
def text
- s_('CiStatusText|manual')
+ s_('CiStatusText|Manual')
end
def label
diff --git a/lib/gitlab/ci/status/pending.rb b/lib/gitlab/ci/status/pending.rb
index 4280ad84534..ddbdf94c089 100644
--- a/lib/gitlab/ci/status/pending.rb
+++ b/lib/gitlab/ci/status/pending.rb
@@ -5,7 +5,7 @@ module Gitlab
module Status
class Pending < Status::Core
def text
- s_('CiStatusText|pending')
+ s_('CiStatusText|Pending')
end
def label
diff --git a/lib/gitlab/ci/status/pipeline/blocked.rb b/lib/gitlab/ci/status/pipeline/blocked.rb
index ed13a439be0..2e01f4948a9 100644
--- a/lib/gitlab/ci/status/pipeline/blocked.rb
+++ b/lib/gitlab/ci/status/pipeline/blocked.rb
@@ -6,7 +6,7 @@ module Gitlab
module Pipeline
class Blocked < Status::Extended
def text
- s_('CiStatusText|blocked')
+ s_('CiStatusText|Blocked')
end
def label
diff --git a/lib/gitlab/ci/status/pipeline/delayed.rb b/lib/gitlab/ci/status/pipeline/delayed.rb
index e61acdcd167..47048afbe1d 100644
--- a/lib/gitlab/ci/status/pipeline/delayed.rb
+++ b/lib/gitlab/ci/status/pipeline/delayed.rb
@@ -6,7 +6,7 @@ module Gitlab
module Pipeline
class Delayed < Status::Extended
def text
- s_('CiStatusText|delayed')
+ s_('CiStatusText|Delayed')
end
def label
diff --git a/lib/gitlab/ci/status/preparing.rb b/lib/gitlab/ci/status/preparing.rb
index e59d1d2eed1..e29b5416e8d 100644
--- a/lib/gitlab/ci/status/preparing.rb
+++ b/lib/gitlab/ci/status/preparing.rb
@@ -5,7 +5,7 @@ module Gitlab
module Status
class Preparing < Status::Core
def text
- s_('CiStatusText|preparing')
+ s_('CiStatusText|Preparing')
end
def label
diff --git a/lib/gitlab/ci/status/running.rb b/lib/gitlab/ci/status/running.rb
index eed1983e60e..dc36e62e2a3 100644
--- a/lib/gitlab/ci/status/running.rb
+++ b/lib/gitlab/ci/status/running.rb
@@ -5,11 +5,11 @@ module Gitlab
module Status
class Running < Status::Core
def text
- s_('CiStatus|running')
+ s_('CiStatusText|Running')
end
def label
- s_('CiStatus|running')
+ s_('CiStatusLabel|running')
end
def icon
diff --git a/lib/gitlab/ci/status/scheduled.rb b/lib/gitlab/ci/status/scheduled.rb
index 8526becfef9..a3797c5c8d7 100644
--- a/lib/gitlab/ci/status/scheduled.rb
+++ b/lib/gitlab/ci/status/scheduled.rb
@@ -5,7 +5,7 @@ module Gitlab
module Status
class Scheduled < Status::Core
def text
- s_('CiStatusText|scheduled')
+ s_('CiStatusText|Scheduled')
end
def label
diff --git a/lib/gitlab/ci/status/skipped.rb b/lib/gitlab/ci/status/skipped.rb
index 238aa3ab4f9..4263536552b 100644
--- a/lib/gitlab/ci/status/skipped.rb
+++ b/lib/gitlab/ci/status/skipped.rb
@@ -5,7 +5,7 @@ module Gitlab
module Status
class Skipped < Status::Core
def text
- s_('CiStatusText|skipped')
+ s_('CiStatusText|Skipped')
end
def label
diff --git a/lib/gitlab/ci/status/success.rb b/lib/gitlab/ci/status/success.rb
index 2a10e60414e..9389138e034 100644
--- a/lib/gitlab/ci/status/success.rb
+++ b/lib/gitlab/ci/status/success.rb
@@ -5,7 +5,7 @@ module Gitlab
module Status
class Success < Status::Core
def text
- s_('CiStatusText|passed')
+ s_('CiStatusText|Passed')
end
def label
diff --git a/lib/gitlab/ci/status/success_warning.rb b/lib/gitlab/ci/status/success_warning.rb
index 84a0e52f518..91f0ba1a58f 100644
--- a/lib/gitlab/ci/status/success_warning.rb
+++ b/lib/gitlab/ci/status/success_warning.rb
@@ -9,7 +9,7 @@ module Gitlab
#
class SuccessWarning < Status::Extended
def text
- s_('CiStatusText|warning')
+ s_('CiStatusText|Warning')
end
def label
@@ -20,6 +20,10 @@ module Gitlab
'status_warning'
end
+ def name
+ 'SUCCESS_WITH_WARNINGS'
+ end
+
def group
'success-with-warnings'
end
diff --git a/lib/gitlab/ci/status/waiting_for_resource.rb b/lib/gitlab/ci/status/waiting_for_resource.rb
index 9ced0aadb88..5714a68cac8 100644
--- a/lib/gitlab/ci/status/waiting_for_resource.rb
+++ b/lib/gitlab/ci/status/waiting_for_resource.rb
@@ -5,7 +5,7 @@ module Gitlab
module Status
class WaitingForResource < Status::Core
def text
- s_('CiStatusText|waiting')
+ s_('CiStatusText|Waiting')
end
def label
@@ -20,6 +20,10 @@ module Gitlab
'favicon_status_pending'
end
+ def name
+ 'WAITING_FOR_RESOURCE'
+ end
+
def group
'waiting-for-resource'
end
diff --git a/lib/gitlab/ci/templates/Code-Quality.gitlab-ci.yml b/lib/gitlab/ci/templates/Code-Quality.gitlab-ci.yml
index b4ccf96b859..3132535ef6b 100644
--- a/lib/gitlab/ci/templates/Code-Quality.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Code-Quality.gitlab-ci.yml
@@ -1,2 +1,2 @@
include:
- template: Jobs/Code-Quality.gitlab-ci.yml
+ - template: Jobs/Code-Quality.gitlab-ci.yml
diff --git a/lib/gitlab/ci/templates/Cosign.gitlab-ci.yml b/lib/gitlab/ci/templates/Cosign.gitlab-ci.yml
index 48c9422b469..356062c734e 100644
--- a/lib/gitlab/ci/templates/Cosign.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Cosign.gitlab-ci.yml
@@ -8,7 +8,7 @@
# See https://docs.gitlab.com/ee/ci/yaml/signing_examples.html for more details.
include:
- template: Docker.gitlab-ci.yml
+ - template: Docker.gitlab-ci.yml
docker-build:
variables:
diff --git a/lib/gitlab/ci/templates/Docker.gitlab-ci.yml b/lib/gitlab/ci/templates/Docker.gitlab-ci.yml
index 1aa346aec67..416f424dfa5 100644
--- a/lib/gitlab/ci/templates/Docker.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Docker.gitlab-ci.yml
@@ -11,7 +11,7 @@
docker-build:
# Use the official docker image.
- image: docker:latest
+ image: docker:cli
stage: build
services:
- docker:dind
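Review bot: `docker:cli` is still a floating tag, like the `docker:latest` it replaces and the `docker:dind` service below it, so the client and daemon used for a build can change between runs with no change to the pipeline file. Since this template is meant to be copied into projects that build and push images, I would at least add a comment above `image:` such as `# Pin this image and the dind service to the same version tag or digest for reproducible builds.` The `docker-build` job continues outside this hunk.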
diff --git a/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml
index 07bc3fbe795..2d04c97b32e 100644
--- a/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Build.gitlab-ci.yml
@@ -1,5 +1,5 @@
variables:
- AUTO_BUILD_IMAGE_VERSION: 'v1.41.0'
+ AUTO_BUILD_IMAGE_VERSION: 'v1.44.0'
build:
stage: build
diff --git a/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml
index 07bc3fbe795..2d04c97b32e 100644
--- a/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Build.latest.gitlab-ci.yml
@@ -1,5 +1,5 @@
variables:
- AUTO_BUILD_IMAGE_VERSION: 'v1.41.0'
+ AUTO_BUILD_IMAGE_VERSION: 'v1.44.0'
build:
stage: build
diff --git a/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
index f9440bfe904..45547b87eb6 100644
--- a/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
@@ -7,7 +7,9 @@ code_quality:
command: ['--tls=false', '--host=tcp://0.0.0.0:2375']
variables:
DOCKER_DRIVER: overlay2
+ DOCKER_CERT_PATH: ""
DOCKER_TLS_CERTDIR: ""
+ DOCKER_TLS_VERIFY: ""
CODE_QUALITY_IMAGE_TAG: "0.96.0"
CODE_QUALITY_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/gitlab-org/ci-cd/codequality:$CODE_QUALITY_IMAGE_TAG"
DOCKER_SOCKET_PATH: /var/run/docker.sock
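Review bot: The added `DOCKER_CERT_PATH: ""` and `DOCKER_TLS_VERIFY: ""` carry no comment explaining why client-side TLS settings are being cleared. With `--tls=false` and `--host=tcp://0.0.0.0:2375` on the `command:` line above, the job reaches the Docker daemon over an unauthenticated plaintext socket. The new variables presumably stop inherited runner or project variables from making the CLI attempt TLS against a daemon that does not offer it. I would state that above the variables, e.g. `# dind runs with --tls=false; clear inherited TLS client settings so the docker CLI does not attempt TLS.` The `code_quality` job starts before this hunk.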
diff --git a/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml
index e9ba938142d..4d53b92763a 100644
--- a/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml
@@ -1,5 +1,5 @@
variables:
- DAST_AUTO_DEPLOY_IMAGE_VERSION: 'v2.56.0'
+ DAST_AUTO_DEPLOY_IMAGE_VERSION: 'v2.59.1'
.dast-auto-deploy:
image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${DAST_AUTO_DEPLOY_IMAGE_VERSION}"
diff --git a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
index eaaf171e4b5..390824e8e49 100644
--- a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
@@ -1,5 +1,5 @@
variables:
- AUTO_DEPLOY_IMAGE_VERSION: 'v2.56.0'
+ AUTO_DEPLOY_IMAGE_VERSION: 'v2.59.1'
.auto-deploy:
image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
diff --git a/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml
index d2e448fb6a1..a9681c0f927 100644
--- a/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml
@@ -1,5 +1,5 @@
variables:
- AUTO_DEPLOY_IMAGE_VERSION: 'v2.56.0'
+ AUTO_DEPLOY_IMAGE_VERSION: 'v2.59.1'
.auto-deploy:
image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
diff --git a/lib/gitlab/ci/templates/Python.gitlab-ci.yml b/lib/gitlab/ci/templates/Python.gitlab-ci.yml
index d53f3ddcad4..c19a08bd11d 100644
--- a/lib/gitlab/ci/templates/Python.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Python.gitlab-ci.yml
@@ -12,15 +12,10 @@ image: python:latest
variables:
PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
-# Pip's cache doesn't store the python packages
# https://pip.pypa.io/en/stable/topics/caching/
-#
-# If you want to also cache the installed packages, you have to install
-# them in a virtualenv and cache it as well.
cache:
paths:
- .cache/pip
- - venv/
before_script:
- python --version ; pip --version # For debugging
diff --git a/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
index 879d6a7a468..d6384f59bc1 100644
--- a/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
@@ -2,4 +2,4 @@
# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/381665
include:
- template: Jobs/Container-Scanning.gitlab-ci.yml
+ - template: Jobs/Container-Scanning.gitlab-ci.yml
diff --git a/lib/gitlab/ci/templates/Security/Container-Scanning.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Container-Scanning.latest.gitlab-ci.yml
index 7a4f451314e..f4fd9e97665 100644
--- a/lib/gitlab/ci/templates/Security/Container-Scanning.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Container-Scanning.latest.gitlab-ci.yml
@@ -2,4 +2,4 @@
# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/381665
include:
- template: Jobs/Container-Scanning.latest.gitlab-ci.yml
+ - template: Jobs/Container-Scanning.latest.gitlab-ci.yml
diff --git a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
index 1785d4216e7..2055b5e181f 100644
--- a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
@@ -2,4 +2,4 @@
# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/292977
include:
- template: Jobs/Dependency-Scanning.gitlab-ci.yml
+ - template: Jobs/Dependency-Scanning.gitlab-ci.yml
diff --git a/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml
index a99fe4a6dcf..0fe544b2c84 100644
--- a/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml
@@ -2,4 +2,4 @@
# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/292977
include:
- template: Jobs/License-Scanning.gitlab-ci.yml
+ - template: Jobs/License-Scanning.gitlab-ci.yml
diff --git a/lib/gitlab/ci/templates/Security/SAST-IaC.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/SAST-IaC.gitlab-ci.yml
index 2207d4ec17a..4cc51c01b63 100644
--- a/lib/gitlab/ci/templates/Security/SAST-IaC.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/SAST-IaC.gitlab-ci.yml
@@ -1,2 +1,2 @@
include:
- template: Jobs/SAST-IaC.gitlab-ci.yml
+ - template: Jobs/SAST-IaC.gitlab-ci.yml
diff --git a/lib/gitlab/ci/templates/Security/SAST-IaC.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/SAST-IaC.latest.gitlab-ci.yml
index 8c0d72ff282..a411fc03122 100644
--- a/lib/gitlab/ci/templates/Security/SAST-IaC.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/SAST-IaC.latest.gitlab-ci.yml
@@ -1,2 +1,2 @@
include:
- template: Jobs/SAST-IaC.latest.gitlab-ci.yml
+ - template: Jobs/SAST-IaC.latest.gitlab-ci.yml
diff --git a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
index 77ce813dd4f..6c25d628d55 100644
--- a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
@@ -2,4 +2,4 @@
# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/292977
include:
- template: Jobs/SAST.gitlab-ci.yml
+ - template: Jobs/SAST.gitlab-ci.yml
diff --git a/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
index d4ea7165d0a..353d523daf3 100644
--- a/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
@@ -2,4 +2,4 @@
# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/292977
include:
- template: Jobs/Secret-Detection.gitlab-ci.yml
+ - template: Jobs/Secret-Detection.gitlab-ci.yml
diff --git a/lib/gitlab/ci/trace/section_parser.rb b/lib/gitlab/ci/trace/section_parser.rb
index f33f8cc56c1..a6c1bf28f24 100644
--- a/lib/gitlab/ci/trace/section_parser.rb
+++ b/lib/gitlab/ci/trace/section_parser.rb
@@ -74,7 +74,7 @@ module Gitlab
end
def beginning_of_section_regex
- @beginning_of_section_regex ||= /section_/.freeze
+ @beginning_of_section_regex ||= /section_/
end
def find_next_marker(scanner)
diff --git a/lib/gitlab/ci/variables/collection/item.rb b/lib/gitlab/ci/variables/collection/item.rb
index 73452d83bce..2334db0718f 100644
--- a/lib/gitlab/ci/variables/collection/item.rb
+++ b/lib/gitlab/ci/variables/collection/item.rb
@@ -7,7 +7,7 @@ module Gitlab
class Item
include Gitlab::Utils::StrongMemoize
- VARIABLES_REGEXP = /\$\$|%%|\$(?<key>[a-zA-Z_][a-zA-Z0-9_]*)|\${\g<key>?}|%\g<key>%/.freeze.freeze
+ VARIABLES_REGEXP = /\$\$|%%|\$(?<key>[a-zA-Z_][a-zA-Z0-9_]*)|\${\g<key>?}|%\g<key>%/
VARIABLE_REF_CHARS = %w[$ %].freeze
def initialize(key:, value:, public: true, file: false, masked: false, raw: false)
@@ -34,6 +34,10 @@ module Gitlab
@variable.fetch(:file)
end
+ def masked?
+ @variable.fetch(:masked)
+ end
+
def [](key)
@variable.fetch(key)
end
diff --git a/lib/gitlab/ci/yaml_processor.rb b/lib/gitlab/ci/yaml_processor.rb
index 289f41b4ec7..cf5755242e2 100644
--- a/lib/gitlab/ci/yaml_processor.rb
+++ b/lib/gitlab/ci/yaml_processor.rb
@@ -209,7 +209,8 @@ module Gitlab
return unless project && sha && project.repository_exists? && project.commit(sha)
unless project_ref_contains_sha?
- error!('Could not validate configuration. Config originates from external project')
+ error!('Could not validate configuration. The configuration originates from an external ' \
+ 'project or a commit not associated with a Git reference (a detached commit)')
end
end