
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2020-11-30 14:02:35 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-11-30 14:02:35 +0300
commit434a0ce52d75e13d48eac9ce83774954c7c5d48d (patch)
treede3b7a7cf1ce8b07555f28df592297c76894c90f /lib/gitlab/ci
parent0a0d9493ca481c56b739a3df27c31262283150fe (diff)
Add latest changes from gitlab-org/gitlab@13-7-stable-eev13.7.0-rc2
Diffstat (limited to 'lib/gitlab/ci')
-rw-r--r--lib/gitlab/ci/build/rules/rule/clause/changes.rb5
-rw-r--r--lib/gitlab/ci/parsers.rb3
-rw-r--r--lib/gitlab/ci/parsers/codequality/code_climate.rb29
-rw-r--r--lib/gitlab/ci/pipeline/chain/cancel_pending_pipelines.rb2
-rw-r--r--lib/gitlab/ci/reports/codequality_reports.rb43
-rw-r--r--lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/OpenShift.gitlab-ci.yml2
-rw-r--r--lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml3
-rw-r--r--lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml7
-rw-r--r--lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml6
-rw-r--r--lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml3
-rw-r--r--lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml1
12 files changed, 89 insertions, 17 deletions
diff --git a/lib/gitlab/ci/build/rules/rule/clause/changes.rb b/lib/gitlab/ci/build/rules/rule/clause/changes.rb
index cbecce57163..9c2f6eea1dd 100644
--- a/lib/gitlab/ci/build/rules/rule/clause/changes.rb
+++ b/lib/gitlab/ci/build/rules/rule/clause/changes.rb
@@ -11,7 +11,7 @@ module Gitlab
def satisfied_by?(pipeline, context)
return true if pipeline.modified_paths.nil?
- expanded_globs = expand_globs(pipeline, context)
+ expanded_globs = expand_globs(context)
pipeline.modified_paths.any? do |path|
expanded_globs.any? do |glob|
File.fnmatch?(glob, path, File::FNM_PATHNAME | File::FNM_DOTMATCH | File::FNM_EXTGLOB)
@@ -19,8 +19,7 @@ module Gitlab
end
end
- def expand_globs(pipeline, context)
- return @globs unless ::Feature.enabled?(:ci_variable_expansion_in_rules_changes, pipeline.project, default_enabled: true)
+ def expand_globs(context)
return @globs unless context
@globs.map do |glob|
diff --git a/lib/gitlab/ci/parsers.rb b/lib/gitlab/ci/parsers.rb
index 0e44475607b..57f73c265b2 100644
--- a/lib/gitlab/ci/parsers.rb
+++ b/lib/gitlab/ci/parsers.rb
@@ -10,7 +10,8 @@ module Gitlab
junit: ::Gitlab::Ci::Parsers::Test::Junit,
cobertura: ::Gitlab::Ci::Parsers::Coverage::Cobertura,
terraform: ::Gitlab::Ci::Parsers::Terraform::Tfplan,
- accessibility: ::Gitlab::Ci::Parsers::Accessibility::Pa11y
+ accessibility: ::Gitlab::Ci::Parsers::Accessibility::Pa11y,
+ codequality: ::Gitlab::Ci::Parsers::Codequality::CodeClimate
}
end
diff --git a/lib/gitlab/ci/parsers/codequality/code_climate.rb b/lib/gitlab/ci/parsers/codequality/code_climate.rb
new file mode 100644
index 00000000000..628d50b84cb
--- /dev/null
+++ b/lib/gitlab/ci/parsers/codequality/code_climate.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module Ci
+ module Parsers
+ module Codequality
+ class CodeClimate
+ def parse!(json_data, codequality_report)
+ root = Gitlab::Json.parse(json_data)
+
+ parse_all(root, codequality_report)
+ rescue JSON::ParserError => e
+ codequality_report.set_error_message("JSON parsing failed: #{e}")
+ end
+
+ private
+
+ def parse_all(root, codequality_report)
+ return unless root.present?
+
+ root.each do |degradation|
+ break unless codequality_report.add_degradation(degradation)
+ end
+ end
+ end
+ end
+ end
+ end
+end
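Review bot: `parse_all` calls `root.each` on whatever `Gitlab::Json.parse` returns, and the report comes from a job artifact, so its shape is chosen by whoever wrote the job. A top-level JSON object would be iterated as key/value pairs, and a scalar that gets past the parser (whether it can is not visible here) would raise `NoMethodError`, which the `rescue JSON::ParserError` in `parse!` does not catch. I would reject non-array roots at the top of `parse_all`, e.g. `return codequality_report.set_error_message('Invalid report format') unless root.is_a?(Array)`. The `break unless` also deserves a one-line comment saying that parsing stops at the first invalid degradation and keeps the entries accepted so far.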
diff --git a/lib/gitlab/ci/pipeline/chain/cancel_pending_pipelines.rb b/lib/gitlab/ci/pipeline/chain/cancel_pending_pipelines.rb
index a864c843dd8..2ca51930c19 100644
--- a/lib/gitlab/ci/pipeline/chain/cancel_pending_pipelines.rb
+++ b/lib/gitlab/ci/pipeline/chain/cancel_pending_pipelines.rb
@@ -35,7 +35,7 @@ module Gitlab
# rubocop: enable CodeReuse/ActiveRecord
def pipelines
- if ::Feature.enabled?(:ci_auto_cancel_all_pipelines, project, default_enabled: false)
+ if ::Feature.enabled?(:ci_auto_cancel_all_pipelines, project, default_enabled: true)
project.all_pipelines.ci_and_parent_sources
else
project.ci_pipelines
diff --git a/lib/gitlab/ci/reports/codequality_reports.rb b/lib/gitlab/ci/reports/codequality_reports.rb
new file mode 100644
index 00000000000..060a1e2399b
--- /dev/null
+++ b/lib/gitlab/ci/reports/codequality_reports.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module Ci
+ module Reports
+ class CodequalityReports
+ attr_reader :degradations, :error_message
+
+ CODECLIMATE_SCHEMA_PATH = Rails.root.join('app', 'validators', 'json_schemas', 'codeclimate.json').to_s
+
+ def initialize
+ @degradations = {}.with_indifferent_access
+ @error_message = nil
+ end
+
+ def add_degradation(degradation)
+ valid_degradation?(degradation) && @degradations[degradation.dig('fingerprint')] = degradation
+ end
+
+ def set_error_message(error)
+ @error_message = error
+ end
+
+ def degradations_count
+ @degradations.size
+ end
+
+ def all_degradations
+ @degradations.values
+ end
+
+ private
+
+ def valid_degradation?(degradation)
+ JSON::Validator.validate!(CODECLIMATE_SCHEMA_PATH, degradation)
+ rescue JSON::Schema::ValidationError => e
+ set_error_message("Invalid degradation format: #{e.message}")
+ false
+ end
+ end
+ end
+ end
+end
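Review bot: `add_degradation` uses the value of an assignment chained with `&&` as its success signal, and the parser's loop depends on that value being truthy. An explicit form is easier to audit: `return false unless valid_degradation?(degradation)`, then `@degradations[degradation['fingerprint']] = degradation`, then `true`. Two entries with the same `fingerprint` silently overwrite each other, and unless the schema (not shown here) requires the field, a missing fingerprint is stored under a `nil` key; a comment should say which of these is intended. `valid_degradation?` copies `e.message` into `error_message`, and with the json-schema gem that text can include values taken from the report, so whatever renders `error_message` has to treat it as untrusted input.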
diff --git a/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml
index 385959389de..e5b40e5f49a 100644
--- a/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml
@@ -1,5 +1,5 @@
.auto-deploy:
- image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image:v2.0.0-beta.2"
+ image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-deploy-image:v2.0.0"
dependencies: []
review:
diff --git a/lib/gitlab/ci/templates/OpenShift.gitlab-ci.yml b/lib/gitlab/ci/templates/OpenShift.gitlab-ci.yml
index 65abee1f5eb..3faf07546de 100644
--- a/lib/gitlab/ci/templates/OpenShift.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/OpenShift.gitlab-ci.yml
@@ -1,4 +1,4 @@
-image: ayufan/openshift-cli
+image: openshift/origin-cli
stages:
- build # dummy stage to follow the template guidelines
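Review bot: The new `image: openshift/origin-cli` carries no tag or digest, so every pipeline built from this template pulls whatever `latest` currently resolves to on the registry. A template that users copy into deployment pipelines should pin the image, e.g. `image: openshift/origin-cli:<PINNED_TAG>` or an `@sha256:<DIGEST>` reference, so that a changed or replaced upstream image cannot alter the deploy job unnoticed. The old `ayufan/openshift-cli` line was unpinned as well, so this is a pre-existing gap that the swap was a chance to close.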
diff --git a/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
index 3cbde9d30c8..5ea2363a0c5 100644
--- a/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
@@ -8,7 +8,7 @@ variables:
container_scanning:
stage: test
- image: $SECURE_ANALYZERS_PREFIX/klar:$CS_MAJOR_VERSION
+ image: "$CS_ANALYZER_IMAGE"
variables:
# By default, use the latest clair vulnerabilities database, however, allow it to be overridden here with a specific image
# to enable container scanning to run offline, or to provide a consistent list of vulnerabilities for integration testing purposes
@@ -18,6 +18,7 @@ container_scanning:
# file. See https://docs.gitlab.com/ee/user/application_security/container_scanning/index.html#overriding-the-container-scanning-template
# for details
GIT_STRATEGY: none
+ CS_ANALYZER_IMAGE: $SECURE_ANALYZERS_PREFIX/klar:$CS_MAJOR_VERSION
allow_failure: true
services:
- name: $CLAIR_DB_IMAGE
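Review bot: `CS_ANALYZER_IMAGE` is added without a comment, while the neighbouring variables explain how and why to override them. The job's `image:` in the first hunk now resolves entirely from this variable, so I would document it, e.g. `# Analyzer image to run; override only with an image from a registry you trust, since it replaces the scanner itself`. The `container_scanning` job continues outside both hunks.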
diff --git a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
index 3789f0edc1c..b534dad9593 100644
--- a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
@@ -28,11 +28,8 @@ dependency_scanning:
.ds-analyzer:
extends: dependency_scanning
allow_failure: true
- rules:
- - if: $DEPENDENCY_SCANNING_DISABLED
- when: never
- - if: $CI_COMMIT_BRANCH &&
- $GITLAB_FEATURES =~ /\bdependency_scanning\b/
+ # `rules` must be overridden explicitly by each child job
+ # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
script:
- /analyzer run
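Review bot: The new comment on `.ds-analyzer` says `rules` must be overridden by each child job, but not what a child inherits if it forgets. With the block removed, a job that extends `.ds-analyzer` without its own `rules` falls back to whatever `dependency_scanning` defines (outside this hunk), so the `$DEPENDENCY_SCANNING_DISABLED` opt-out and the feature check may no longer apply to custom analyzer jobs in downstream projects. I would extend the comment to name what a child must repeat, e.g. `# each child job must define its own rules, starting with the $DEPENDENCY_SCANNING_DISABLED 'when: never' rule`. The same applies to the `.sast-analyzer` hunk in SAST.gitlab-ci.yml (`$SAST_DISABLED`) and to the identical comment added in Secret-Detection.gitlab-ci.yml.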
diff --git a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
index a51cb61da6d..671e2346fcb 100644
--- a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
@@ -30,10 +30,8 @@ sast:
.sast-analyzer:
extends: sast
allow_failure: true
- rules:
- - if: $SAST_DISABLED
- when: never
- - if: $CI_COMMIT_BRANCH
+ # `rules` must be overridden explicitly by each child job
+ # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
script:
- /analyzer run
diff --git a/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
index 6ebff102ccb..8ca1d2e08ba 100644
--- a/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
@@ -14,6 +14,9 @@ variables:
stage: test
image: "$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION"
services: []
+ allow_failure: true
+ # `rules` must be overridden explicitly by each child job
+ # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
artifacts:
reports:
secret_detection: gl-secret-detection-report.json
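Review bot: `allow_failure: true` on the shared secret-detection job means a crashed or misconfigured analyzer leaves the pipeline passing with only a warning, so a run that scanned nothing looks much like a clean one. That matches the other analyzer templates in this commit, but it deserves a comment at this line, e.g. `# scanner failures do not block the pipeline; set allow_failure: false in your own job to use it as a gate`. The job's header line is outside the hunk.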
diff --git a/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml
index e455bfac9de..910e711f046 100644
--- a/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml
@@ -56,5 +56,6 @@ cache:
.destroy: &destroy
stage: cleanup
script:
+ - cd ${TF_ROOT}
- gitlab-terraform destroy
when: manual
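Review bot: `cd ${TF_ROOT}` is unquoted and unchecked in front of a destructive command. If `TF_ROOT` ends up empty in a project that overrides the template's variables, `cd` with no argument moves to the home directory and `gitlab-terraform destroy` then runs from there; a path containing spaces is also split into several arguments. I would write `- cd "${TF_ROOT:?TF_ROOT is not set}"` so the job stops before `destroy` when the variable is missing. Where `TF_ROOT` is defined is outside this hunk.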