author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-02 18:17:50 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-02 18:17:50 +0300 |
commit | 65c71039ebe065a6c97e226f5743bd637680a14e (patch) | |
tree | a0c7a9d7f1fd65f290318cc7465cd3d07354a908 /lib | |
parent | 292384904c9d821acca2f92d2de2f0b2ed5216df (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib')
24 files changed, 69 insertions, 638 deletions
diff --git a/lib/extracts_path.rb b/lib/extracts_path.rb index 8f6576c2206..db5c3bb1d4a 100644 --- a/lib/extracts_path.rb +++ b/lib/extracts_path.rb @@ -16,6 +16,8 @@ module ExtractsPath id_without_atom = id.sub(/\.atom$/, '') valid_refs = ref_names.select { |v| "#{id_without_atom}/".start_with?("#{v}/") } + raise InvalidPathError if valid_refs.blank? + valid_refs.max_by(&:length) end diff --git a/lib/gitlab/background_migration/backfill_designs_relative_position.rb b/lib/gitlab/background_migration/backfill_designs_relative_position.rb deleted file mode 100644 index efbb1b950ad..00000000000 --- a/lib/gitlab/background_migration/backfill_designs_relative_position.rb +++ /dev/null @@ -1,15 +0,0 @@ -# frozen_string_literal: true - -module Gitlab - module BackgroundMigration - # This migration is not needed anymore and was disabled, because we're now - # also backfilling design positions immediately before moving a design. - # - # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/39555 - class BackfillDesignsRelativePosition - def perform(issue_ids) - # no-op - end - end - end -end diff --git a/lib/gitlab/background_migration/backfill_legacy_project_repositories.rb b/lib/gitlab/background_migration/backfill_legacy_project_repositories.rb deleted file mode 100644 index 6dc92672929..00000000000 --- a/lib/gitlab/background_migration/backfill_legacy_project_repositories.rb +++ /dev/null @@ -1,15 +0,0 @@ -# frozen_string_literal: true - -module Gitlab - module BackgroundMigration - # Class that will fill the project_repositories table for projects that - # are on legacy storage and an entry is is missing in this table. - class BackfillLegacyProjectRepositories < BackfillProjectRepositories - private - - def projects - Project.with_parent.on_legacy_storage - end - end - end -end 
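Review bot: The added `raise InvalidPathError if valid_refs.blank?` carries no message and no comment saying why an empty match is now an error instead of the `nil` that `max_by` returned before. A comment above it, `# No branch or tag is a prefix of the requested id: fail closed rather than return nil`, and a message, `raise InvalidPathError, 'no ref matches the requested path' if valid_refs.blank?`, would make the new failure path traceable in logs without echoing the caller-supplied id. The method starts outside this hunk, so whether every caller rescues `InvalidPathError` cannot be confirmed from here; an unrescued raise would surface as a server error rather than a not-found response.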
diff --git a/lib/gitlab/background_migration/backfill_project_updated_at_after_repository_storage_move.rb b/lib/gitlab/background_migration/backfill_project_updated_at_after_repository_storage_move.rb
deleted file mode 100644
index 030dfd2d99b..00000000000
--- a/lib/gitlab/background_migration/backfill_project_updated_at_after_repository_storage_move.rb
+++ /dev/null
@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-module Gitlab
- module BackgroundMigration
- # Update existent project update_at column after their repository storage was moved
- class BackfillProjectUpdatedAtAfterRepositoryStorageMove
- def perform(*project_ids)
- updated_repository_storages = Projects::RepositoryStorageMove.select("project_id, MAX(updated_at) as updated_at").where(project_id: project_ids).group(:project_id)
-
- Project.connection.execute <<-SQL
- WITH repository_storage_cte as #{Gitlab::Database::AsWithMaterialized.materialized_if_supported} (
- #{updated_repository_storages.to_sql}
- )
- UPDATE projects
- SET updated_at = (repository_storage_cte.updated_at + interval '1 second')
- FROM repository_storage_cte
- WHERE projects.id = repository_storage_cte.project_id AND projects.updated_at <= repository_storage_cte.updated_at
- SQL
- end
- end
- end
-end
diff --git a/lib/gitlab/background_migration/backfill_version_data_from_gitaly.rb b/lib/gitlab/background_migration/backfill_version_data_from_gitaly.rb
deleted file mode 100644
index 41f7f7f2f24..00000000000
--- a/lib/gitlab/background_migration/backfill_version_data_from_gitaly.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-module Gitlab
- module BackgroundMigration
- # rubocop: disable Style/Documentation
- class BackfillVersionDataFromGitaly
- def perform(issue_id)
- end
- end
- end
-end
-
-Gitlab::BackgroundMigration::BackfillVersionDataFromGitaly.prepend_mod_with('Gitlab::BackgroundMigration::BackfillVersionDataFromGitaly')
diff --git a/lib/gitlab/background_migration/calculate_wiki_sizes.rb b/lib/gitlab/background_migration/calculate_wiki_sizes.rb
deleted file mode 100644
index 7b334b9c1d0..00000000000
--- a/lib/gitlab/background_migration/calculate_wiki_sizes.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-# rubocop:disable Style/Documentation
-
-module Gitlab
- module BackgroundMigration
- class CalculateWikiSizes
- def perform(start_id, stop_id)
- ::ProjectStatistics.where(wiki_size: nil)
- .where(id: start_id..stop_id)
- .includes(project: [:route, :group, namespace: [:owner]]).find_each do |statistics|
- statistics.refresh!(only: [:wiki_size])
- rescue StandardError => e
- Gitlab::AppLogger.error "Failed to update wiki statistics. id: #{statistics.id} message: #{e.message}"
- end
- end
- end
- end
-end
diff --git a/lib/gitlab/background_migration/cleanup_optimistic_locking_nulls.rb b/lib/gitlab/background_migration/cleanup_optimistic_locking_nulls.rb
deleted file mode 100644
index bf69ef352cc..00000000000
--- a/lib/gitlab/background_migration/cleanup_optimistic_locking_nulls.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-# rubocop:disable Style/Documentation
-
-module Gitlab
- module BackgroundMigration
- class CleanupOptimisticLockingNulls
- QUERY_ITEM_SIZE = 1_000
-
- # table - The name of the table the migration is performed for.
- # start_id - The ID of the object to start at
- # stop_id - The ID of the object to end at
- def perform(start_id, stop_id, table)
- model = define_model_for(table)
-
- # After analysis done, a batch size of 1,000 items per query was found to be
- # the most optimal. Discussion in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18418#note_282285336
- (start_id..stop_id).each_slice(QUERY_ITEM_SIZE).each do |range|
- model
- .where(lock_version: nil)
- .where("ID BETWEEN ? AND ?", range.first, range.last)
- .update_all(lock_version: 0)
- end
- end
-
- def define_model_for(table)
- Class.new(ActiveRecord::Base) do
- self.table_name = table
- end
- end
- end
- end
-end
diff --git a/lib/gitlab/background_migration/fill_valid_time_for_pages_domain_certificate.rb b/lib/gitlab/background_migration/fill_valid_time_for_pages_domain_certificate.rb
deleted file mode 100644
index 7b5c32e3d6d..00000000000
--- a/lib/gitlab/background_migration/fill_valid_time_for_pages_domain_certificate.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-module Gitlab
- module BackgroundMigration
- # save validity time pages domain
- class FillValidTimeForPagesDomainCertificate
- # define PagesDomain with only needed code
- class PagesDomain < ActiveRecord::Base
- self.table_name = 'pages_domains'
-
- def x509
- return unless certificate.present?
-
- @x509 ||= OpenSSL::X509::Certificate.new(certificate)
- rescue OpenSSL::X509::CertificateError
- nil
- end
- end
-
- def perform(start_id, stop_id)
- PagesDomain.where(id: start_id..stop_id).find_each do |domain|
- # for some reason activerecord doesn't append timezone, iso8601 forces this
- domain.update_columns(
- certificate_valid_not_before: domain.x509&.not_before&.iso8601,
- certificate_valid_not_after: domain.x509&.not_after&.iso8601
- )
- rescue StandardError => e
- Gitlab::AppLogger.error "Failed to update pages domain certificate valid time. id: #{domain.id}, message: #{e.message}"
- end
- end
- end
- end
-end
diff --git a/lib/gitlab/background_migration/fix_pages_access_level.rb b/lib/gitlab/background_migration/fix_pages_access_level.rb
deleted file mode 100644
index 8e46021bd93..00000000000
--- a/lib/gitlab/background_migration/fix_pages_access_level.rb
+++ /dev/null
@@ -1,128 +0,0 @@
-# frozen_string_literal: true
-
-module Gitlab
- module BackgroundMigration
- # corrects stored pages access level on db depending on project visibility
- class FixPagesAccessLevel
- # Copy routable here to avoid relying on application logic
- module Routable
- def build_full_path
- if parent && path
- parent.build_full_path + '/' + path
- else
- path
- end
- end
- end
-
- # Namespace
- class Namespace < ActiveRecord::Base
- self.table_name = 'namespaces'
- self.inheritance_column = :_type_disabled
-
- include Routable
-
- belongs_to :parent, class_name: "Namespace"
- end
-
- # Project
- class Project < ActiveRecord::Base
- self.table_name = 'projects'
- self.inheritance_column = :_type_disabled
-
- include Routable
-
- belongs_to :namespace
- alias_method :parent, :namespace
- alias_attribute :parent_id, :namespace_id
-
- PRIVATE = 0
- INTERNAL = 10
- PUBLIC = 20
-
- def pages_deployed?
- Dir.exist?(public_pages_path)
- end
-
- def public_pages_path
- File.join(pages_path, 'public')
- end
-
- def pages_path
- # TODO: when we migrate Pages to work with new storage types, change here to use disk_path
- File.join(Settings.pages.path, build_full_path)
- end
- end
-
- # ProjectFeature
- class ProjectFeature < ActiveRecord::Base
- include ::EachBatch
-
- self.table_name = 'project_features'
-
- belongs_to :project
-
- PRIVATE = 10
- ENABLED = 20
- PUBLIC = 30
- end
-
- def perform(start_id, stop_id)
- fix_public_access_level(start_id, stop_id)
-
- make_internal_projects_public(start_id, stop_id)
-
- fix_private_access_level(start_id, stop_id)
- end
-
- private
-
- def access_control_is_enabled
- @access_control_is_enabled = Gitlab.config.pages.access_control
- end
-
- # Public projects are allowed to have only enabled pages_access_level
- # which is equivalent to public
- def fix_public_access_level(start_id, stop_id)
- project_features(start_id, stop_id, ProjectFeature::PUBLIC, Project::PUBLIC).each_batch do |features|
- features.update_all(pages_access_level: ProjectFeature::ENABLED)
- end
- end
-
- # If access control is disabled and project has pages deployed
- # project will become unavailable when access control will become enabled
- # we make these projects public to avoid negative surprise to user
- def make_internal_projects_public(start_id, stop_id)
- return if access_control_is_enabled
-
- project_features(start_id, stop_id, ProjectFeature::ENABLED, Project::INTERNAL).find_each do |project_feature|
- next unless project_feature.project.pages_deployed?
-
- project_feature.update(pages_access_level: ProjectFeature::PUBLIC)
- end
- end
-
- # Private projects are not allowed to have enabled access level, only `private` and `public`
- # If access control is enabled, these projects currently behave as if they have `private` pages_access_level
- # if access control is disabled, these projects currently behave as if they have `public` pages_access_level
- # so we preserve this behaviour for projects with pages already deployed
- # for project without pages we always set `private` access_level
- def fix_private_access_level(start_id, stop_id)
- project_features(start_id, stop_id, ProjectFeature::ENABLED, Project::PRIVATE).find_each do |project_feature|
- if access_control_is_enabled
- project_feature.update!(pages_access_level: ProjectFeature::PRIVATE)
- else
- fixed_access_level = project_feature.project.pages_deployed? ? ProjectFeature::PUBLIC : ProjectFeature::PRIVATE
- project_feature.update!(pages_access_level: fixed_access_level)
- end
- end
- end
-
- def project_features(start_id, stop_id, pages_access_level, project_visibility_level)
- ProjectFeature.where(id: start_id..stop_id).joins(:project)
- .where(pages_access_level: pages_access_level)
- .where(projects: { visibility_level: project_visibility_level })
- end
- end
- end
-end
diff --git a/lib/gitlab/background_migration/generate_gitlab_subscriptions.rb b/lib/gitlab/background_migration/generate_gitlab_subscriptions.rb
deleted file mode 100644
index 160e6d2fe8b..00000000000
--- a/lib/gitlab/background_migration/generate_gitlab_subscriptions.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-module Gitlab
- module BackgroundMigration
- # rubocop: disable Style/Documentation
- class GenerateGitlabSubscriptions
- def perform(start_id, stop_id)
- end
- end
- end
-end
-
-Gitlab::BackgroundMigration::GenerateGitlabSubscriptions.prepend_mod_with('Gitlab::BackgroundMigration::GenerateGitlabSubscriptions')
diff --git a/lib/gitlab/background_migration/migrate_devops_segments_to_groups.rb b/lib/gitlab/background_migration/migrate_devops_segments_to_groups.rb
deleted file mode 100644
index d85f980d3f1..00000000000
--- a/lib/gitlab/background_migration/migrate_devops_segments_to_groups.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-module Gitlab
- module BackgroundMigration
- # EE-specific migration
- class MigrateDevopsSegmentsToGroups
- def perform
- # no-op for CE
- end
- end
- end
-end
-
-Gitlab::BackgroundMigration::MigrateDevopsSegmentsToGroups.prepend_mod_with('Gitlab::BackgroundMigration::MigrateDevopsSegmentsToGroups')
diff --git a/lib/gitlab/background_migration/populate_finding_uuid_for_vulnerability_feedback.rb b/lib/gitlab/background_migration/populate_finding_uuid_for_vulnerability_feedback.rb
deleted file mode 100644
index 909bf10341a..00000000000
--- a/lib/gitlab/background_migration/populate_finding_uuid_for_vulnerability_feedback.rb
+++ /dev/null
@@ -1,124 +0,0 @@
-# frozen_string_literal: true
-
-module Gitlab
- module BackgroundMigration
- # This class populates the `finding_uuid` attribute for
- # the existing `vulnerability_feedback` records.
- class PopulateFindingUuidForVulnerabilityFeedback
- REPORT_TYPES = {
- sast: 0,
- dependency_scanning: 1,
- container_scanning: 2,
- dast: 3,
- secret_detection: 4,
- coverage_fuzzing: 5,
- api_fuzzing: 6
- }.freeze
-
- class VulnerabilityFeedback < ActiveRecord::Base # rubocop:disable Style/Documentation
- include EachBatch
-
- self.table_name = 'vulnerability_feedback'
-
- enum category: REPORT_TYPES
-
- scope :in_range, -> (start, stop) { where(id: start..stop) }
- scope :without_uuid, -> { where(finding_uuid: nil) }
-
- def self.load_vulnerability_findings
- all.to_a.tap { |collection| collection.each(&:vulnerability_finding) }
- end
-
- def set_finding_uuid
- return unless vulnerability_finding.present? && vulnerability_finding.primary_identifier.present?
-
- update_column(:finding_uuid, calculated_uuid)
- rescue StandardError => error
- Gitlab::ErrorTracking.track_and_raise_for_dev_exception(error)
- end
-
- def vulnerability_finding
- BatchLoader.for(finding_key).batch do |finding_keys, loader|
- project_ids = finding_keys.map { |key| key[:project_id] }
- categories = finding_keys.map { |key| key[:category] }
- fingerprints = finding_keys.map { |key| key[:project_fingerprint] }
-
- findings = Finding.with_primary_identifier.where(
- project_id: project_ids.uniq,
- report_type: categories.uniq,
- project_fingerprint: fingerprints.uniq
- ).to_a
-
- finding_keys.each do |finding_key|
- loader.call(
- finding_key,
- findings.find { |f| finding_key == f.finding_key }
- )
- end
- end
- end
-
- private
-
- def calculated_uuid
- ::Security::VulnerabilityUUID.generate(
- report_type: category,
- primary_identifier_fingerprint: vulnerability_finding.primary_identifier.fingerprint,
- location_fingerprint: vulnerability_finding.location_fingerprint,
- project_id: project_id
- )
- end
-
- def finding_key
- {
- project_id: project_id,
- category: category,
- project_fingerprint: project_fingerprint
- }
- end
- end
-
- class Finding < ActiveRecord::Base # rubocop:disable Style/Documentation
- include ShaAttribute
-
- self.table_name = 'vulnerability_occurrences'
-
- sha_attribute :project_fingerprint
- sha_attribute :location_fingerprint
-
- belongs_to :primary_identifier, class_name: 'Gitlab::BackgroundMigration::PopulateFindingUuidForVulnerabilityFeedback::Identifier'
-
- enum report_type: REPORT_TYPES
-
- scope :with_primary_identifier, -> { includes(:primary_identifier) }
-
- def finding_key
- {
- project_id: project_id,
- category: report_type,
- project_fingerprint: project_fingerprint
- }
- end
- end
-
- class Identifier < ActiveRecord::Base # rubocop:disable Style/Documentation
- self.table_name = 'vulnerability_identifiers'
- end
-
- def perform(*range)
- feedback = VulnerabilityFeedback.without_uuid.in_range(*range).load_vulnerability_findings
- feedback.each(&:set_finding_uuid)
-
- log_info(feedback.count)
- end
-
- def log_info(feedback_count)
- ::Gitlab::BackgroundMigration::Logger.info(
- migrator: self.class.name,
- message: '`finding_uuid` attributes has been set',
- count: feedback_count
- )
- end
- end
- end
-end
diff --git a/lib/gitlab/background_migration/populate_issue_email_participants.rb b/lib/gitlab/background_migration/populate_issue_email_participants.rb
deleted file mode 100644
index 2b959b81f45..00000000000
--- a/lib/gitlab/background_migration/populate_issue_email_participants.rb
+++ /dev/null
@@ -1,28 +0,0 @@
-# frozen_string_literal: true
-
-module Gitlab
- module BackgroundMigration
- # Class to migrate service_desk_reply_to email addresses to issue_email_participants
- class PopulateIssueEmailParticipants
- # rubocop:disable Style/Documentation
- class TmpIssue < ActiveRecord::Base
- self.table_name = 'issues'
- end
-
- def perform(start_id, stop_id)
- issues = TmpIssue.select(:id, :service_desk_reply_to, :created_at).where(id: (start_id..stop_id)).where.not(service_desk_reply_to: nil)
-
- rows = issues.map do |issue|
- {
- issue_id: issue.id,
- email: issue.service_desk_reply_to,
- created_at: issue.created_at,
- updated_at: issue.created_at
- }
- end
-
- ApplicationRecord.legacy_bulk_insert(:issue_email_participants, rows, on_conflict: :do_nothing) # rubocop:disable Gitlab/BulkInsert
- end
- end
- end
-end
diff --git a/lib/gitlab/background_migration/recalculate_project_authorizations.rb b/lib/gitlab/background_migration/recalculate_project_authorizations.rb
deleted file mode 100644
index 6a250a96c94..00000000000
--- a/lib/gitlab/background_migration/recalculate_project_authorizations.rb
+++ /dev/null
@@ -1,12 +0,0 @@
-# frozen_string_literal: true
-
-module Gitlab
- module BackgroundMigration
- # rubocop:disable Style/Documentation
- class RecalculateProjectAuthorizations
- def perform(user_ids)
- # no-op
- end
- end
- end
-end
diff --git a/lib/gitlab/background_migration/sync_blocking_issues_count.rb b/lib/gitlab/background_migration/sync_blocking_issues_count.rb
deleted file mode 100644
index 49a632952fb..00000000000
--- a/lib/gitlab/background_migration/sync_blocking_issues_count.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-# rubocop:disable Style/Documentation
-
-module Gitlab
- module BackgroundMigration
- class SyncBlockingIssuesCount
- def perform(start_id, end_id)
- end
- end
- end
-end
-
-Gitlab::BackgroundMigration::SyncBlockingIssuesCount.prepend_mod_with('Gitlab::BackgroundMigration::SyncBlockingIssuesCount')
diff --git a/lib/gitlab/background_migration/sync_issues_state_id.rb b/lib/gitlab/background_migration/sync_issues_state_id.rb
deleted file mode 100644
index 2a0751928b8..00000000000
--- a/lib/gitlab/background_migration/sync_issues_state_id.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-# rubocop:disable Style/Documentation
-
-module Gitlab
- module BackgroundMigration
- class SyncIssuesStateId
- def perform(start_id, end_id)
- ActiveRecord::Base.connection.execute <<~SQL
- UPDATE issues
- SET state_id =
- CASE state
- WHEN 'opened' THEN 1
- WHEN 'closed' THEN 2
- END
- WHERE state_id IS NULL
- AND id BETWEEN #{start_id} AND #{end_id}
- SQL
- end
- end
- end
-end
diff --git a/lib/gitlab/background_migration/sync_merge_requests_state_id.rb b/lib/gitlab/background_migration/sync_merge_requests_state_id.rb
deleted file mode 100644
index 6707e178d8b..00000000000
--- a/lib/gitlab/background_migration/sync_merge_requests_state_id.rb
+++ /dev/null
@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-# rubocop:disable Style/Documentation
-
-module Gitlab
- module BackgroundMigration
- class SyncMergeRequestsStateId
- def perform(start_id, end_id)
- ActiveRecord::Base.connection.execute <<~SQL
- UPDATE merge_requests
- SET state_id =
- CASE state
- WHEN 'opened' THEN 1
- WHEN 'closed' THEN 2
- WHEN 'merged' THEN 3
- WHEN 'locked' THEN 4
- END
- WHERE state_id IS NULL
- AND id BETWEEN #{start_id} AND #{end_id}
- SQL
- end
- end
- end
-end
diff --git a/lib/gitlab/background_migration/wrongfully_confirmed_email_unconfirmer.rb b/lib/gitlab/background_migration/wrongfully_confirmed_email_unconfirmer.rb
deleted file mode 100644
index 665ad7abcbb..00000000000
--- a/lib/gitlab/background_migration/wrongfully_confirmed_email_unconfirmer.rb
+++ /dev/null
@@ -1,98 +0,0 @@
-# frozen_string_literal: true
-# rubocop:disable Style/Documentation
-
-module Gitlab
- module BackgroundMigration
- class WrongfullyConfirmedEmailUnconfirmer
- class UserModel < ActiveRecord::Base
- alias_method :reset, :reload
-
- self.table_name = 'users'
-
- scope :active, -> { where(state: 'active', user_type: nil) } # only humans, skip bots
-
- devise :confirmable
- end
-
- class EmailModel < ActiveRecord::Base
- alias_method :reset, :reload
-
- self.table_name = 'emails'
-
- belongs_to :user
-
- devise :confirmable
-
- def self.wrongfully_confirmed_emails(start_id, stop_id)
- joins(:user)
- .merge(UserModel.active)
- .where(id: (start_id..stop_id))
- .where.not('emails.confirmed_at' => nil)
- .where('emails.confirmed_at = users.confirmed_at')
- .where('emails.email <> users.email')
- .where('NOT EXISTS (SELECT 1 FROM user_synced_attributes_metadata WHERE user_id=users.id AND email_synced IS true)')
- end
- end
-
- def perform(start_id, stop_id)
- email_records = EmailModel
- .wrongfully_confirmed_emails(start_id, stop_id)
- .to_a
-
- user_ids = email_records.map(&:user_id).uniq
-
- ActiveRecord::Base.transaction do
- update_email_records(start_id, stop_id)
- update_user_records(user_ids)
- end
-
- # Refind the records with the "real" Email model so devise will notice that the user / email is unconfirmed
- unconfirmed_email_records = ::Email.where(id: email_records.map(&:id))
- ActiveRecord::Associations::Preloader.new.preload(unconfirmed_email_records, [:user])
-
- send_emails(unconfirmed_email_records)
- end
-
- private
-
- def update_email_records(start_id, stop_id)
- EmailModel.connection.execute <<-SQL
- WITH md5_strings as #{Gitlab::Database::AsWithMaterialized.materialized_if_supported} (
- #{email_query_for_update(start_id, stop_id).to_sql}
- )
- UPDATE #{EmailModel.connection.quote_table_name(EmailModel.table_name)}
- SET confirmed_at = NULL,
- confirmation_token = md5_strings.md5_string,
- confirmation_sent_at = NOW()
- FROM md5_strings
- WHERE id = md5_strings.email_id
- SQL
- end
-
- def update_user_records(user_ids)
- UserModel
- .where(id: user_ids)
- .update_all("confirmed_at = NULL, confirmation_sent_at = NOW(), unconfirmed_email = NULL, confirmation_token=md5(users.id::varchar || users.created_at || users.encrypted_password || '#{Integer(Time.now.to_i)}')")
- end
-
- def email_query_for_update(start_id, stop_id)
- EmailModel
- .wrongfully_confirmed_emails(start_id, stop_id)
- .select('emails.id as email_id', "md5(emails.id::varchar || emails.created_at || users.encrypted_password || '#{Integer(Time.now.to_i)}') as md5_string")
- end
-
- def send_emails(email_records)
- user_records = email_records.map(&:user).uniq
-
- user_records.each do |user|
- Gitlab::BackgroundMigration::Mailers::UnconfirmMailer.unconfirm_notification_email(user).deliver_later
- DeviseMailer.confirmation_instructions(user, user.confirmation_token).deliver_later(wait: 1.minute)
- end
-
- email_records.each do |email|
- DeviseMailer.confirmation_instructions(email, email.confirmation_token).deliver_later(wait: 1.minute)
- end
- end
- end
- end
-end
diff --git a/lib/gitlab/ci/templates/Qualys-IaC-Security.gitlab-ci.yml b/lib/gitlab/ci/templates/Qualys-IaC-Security.gitlab-ci.yml
new file mode 100644
index 00000000000..6dbd0ce9561
--- /dev/null
+++ b/lib/gitlab/ci/templates/Qualys-IaC-Security.gitlab-ci.yml
@@ -0,0 +1,47 @@
+# This template is provided and maintained by Qualys Inc., an official Technology Partner with GitLab.
+# See https://about.gitlab.com/partners/technology-partners/#security for more information.
+#
+# This template shows how to use Qualys IaC Scan with a GitLab CI/CD pipeline.
+# Qualys and GitLab users can use this to scan their IaC templates for misconfigurations.
+# Documentation about this integration: https://www.qualys.com/documentation/qualys-iac-gitlab-integration.pdf
+#
+# This template should not need editing to work in your project.
+# It is not designed to be included in an existing CI/CD configuration with the "include:" keyword.
+#
+# The `qualys_iac_sast` job runs for branch (push) pipelines, including scheduled
+# and manually run branch pipelines.
+#
+# The sast-report output complies with GitLab's format. This report displays Qualys IaC Scan's
+# results in the Security tab in the pipeline view, if you have that feature enabled (GitLab Ultimate only).
+# The Qualys IaC Scan output is available in the Jobs tab in the pipeline view.
+#
+# Requirements:
+# Before you can use this template, add the following CI/CD variables to your
+# project CI/CD settings:
+#
+# - QUALYS_URL: The Qualys guard URL.
+# - QUALYS_USERNAME: The Qualys username.
+# - QUALYS_PASSWORD: The Qualys password. Make this variable masked.
+# - BREAK_ON_ERROR: (optional) If you don't want the pipeline to fail on an error,
+# then add this variable and set it to "false". Otherwise set it
+# to "true", or omit the variable.
+
+stages:
+ - build
+ - test
+ - qualys_iac_scan
+ - deploy
+
+qualys_iac_sast:
+ stage: qualys_iac_scan
+ image:
+ name: qualys/qiac_security_cli:latest
+ entrypoint: [""]
+ script:
+ - sh /home/qiac/gitlab.sh
+ artifacts:
+ name: "qualys-iac-sast-artifacts"
+ paths:
+ - qualys_iac_ci_result.json
+ reports:
+ sast: gl-sast-qualys-iac-ci-report.json
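Review bot: The job's `name: qualys/qiac_security_cli:latest` is a mutable tag, so every pipeline built from this template runs whatever is currently published under `latest`, and that image's `/home/qiac/gitlab.sh` executes with `QUALYS_USERNAME` and `QUALYS_PASSWORD` in its environment. Pinning to a released version and digest, `name: qualys/qiac_security_cli:<release-tag>@sha256:<image-digest>` (placeholders, to be filled in from the vendor's registry), keeps scans reproducible and limits exposure to a replaced or tampered image. The header comment asks only for `QUALYS_PASSWORD` to be masked; it could also say when the variable should be protected, with the caveat that a protected variable is unavailable to jobs on unprotected branches.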
diff --git a/lib/gitlab/database/migrations/instrumentation.rb b/lib/gitlab/database/migrations/instrumentation.rb index 1f7e81cae84..7f34768350b 100644 --- a/lib/gitlab/database/migrations/instrumentation.rb +++ b/lib/gitlab/database/migrations/instrumentation.rb @@ -15,30 +15,26 @@ module Gitlab end def observe(version:, name:, connection:, &block) - observation = Observation.new(version, name) - observation.success = true + observation = Observation.new(version: version, name: name, success: false) observers = observer_classes.map { |c| c.new(observation, @result_dir, connection) } - exception = nil - on_each_observer(observers) { |observer| observer.before } - observation.walltime = Benchmark.realtime do - yield - rescue StandardError => e - exception = e - observation.success = false - end + start = Process.clock_gettime(Process::CLOCK_MONOTONIC) + + yield + + observation.success = true + + observation + ensure + observation.walltime = Process.clock_gettime(Process::CLOCK_MONOTONIC) - start on_each_observer(observers) { |observer| observer.after } on_each_observer(observers) { |observer| observer.record } record_observation(observation) - - raise exception if exception - - observation end private diff --git a/lib/gitlab/database/migrations/observation.rb b/lib/gitlab/database/migrations/observation.rb index a494c357950..228eea3393c 100644 --- a/lib/gitlab/database/migrations/observation.rb +++ b/lib/gitlab/database/migrations/observation.rb @@ -10,7 +10,8 @@ module Gitlab :walltime, :success, :total_database_size_change, - :query_statistics + :query_statistics, + keyword_init: true ) end end diff --git a/lib/gitlab/github_import/importer/releases_importer.rb b/lib/gitlab/github_import/importer/releases_importer.rb index c1fbd868800..64ec0251e54 100644 --- a/lib/gitlab/github_import/importer/releases_importer.rb +++ b/lib/gitlab/github_import/importer/releases_importer.rb 
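Review bot: The method-level `ensure` in `observe` now also covers the setup lines, so if `Observation.new`, an observer constructor inside `observer_classes.map`, or a `before` callback raises, the `ensure` body runs while `observation`, `observers` or `start` is still `nil`. The resulting `NoMethodError` or `TypeError` then replaces the original exception and hides the real cause. Scoping the `ensure` to the `yield` with an explicit `begin` keeps setup failures intact while still recording every run; whether `on_each_observer` already swallows observer errors is not visible in this hunk. The new form also records and propagates exceptions that are not `StandardError`, which the removed `rescue StandardError` did not, and a one-line comment saying that this is intended would help.

```ruby
def observe(version:, name:, connection:, &block)
  # … unchanged: observation/observers setup and the `before` callbacks …
  start = Process.clock_gettime(Process::CLOCK_MONOTONIC)

  begin
    yield

    observation.success = true

    observation
  ensure
    observation.walltime = Process.clock_gettime(Process::CLOCK_MONOTONIC) - start
    # … unchanged: `after`/`record` callbacks and record_observation …
  end
end
```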
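Review bot: With `keyword_init: true` added to the struct in observation.rb, `Observation.new` no longer accepts positional arguments, so any remaining `Observation.new(version, name)` call raises `ArgumentError`. Only the call in instrumentation.rb is updated in the part of the commit shown here (the diffstat is limited to `lib`), so specs and any other constructors of this struct should be checked. A short comment above the struct, such as `# Built with keyword arguments only; see Instrumentation#observe`, would document the new calling convention.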
@@ -21,10 +21,12 @@ module Gitlab end def already_imported?(release) - existing_tags.include?(release.tag_name) + existing_tags.include?(release.tag_name) || release.tag_name.nil? end def build(release) + existing_tags.add(release.tag_name) + { name: release.name, tag: release.tag_name, diff --git a/lib/gitlab/legacy_github_import/release_formatter.rb b/lib/gitlab/legacy_github_import/release_formatter.rb index a083ae60726..0fb7e376f5b 100644 --- a/lib/gitlab/legacy_github_import/release_formatter.rb +++ b/lib/gitlab/legacy_github_import/release_formatter.rb @@ -25,7 +25,7 @@ module Gitlab end def valid? - !raw_data.draft + !raw_data.draft && raw_data.tag_name.present? end end end diff --git a/lib/gitlab/usage_data_counters/known_events/ci_templates.yml b/lib/gitlab/usage_data_counters/known_events/ci_templates.yml index 55ed9a42512..5735cb46318 100644 --- a/lib/gitlab/usage_data_counters/known_events/ci_templates.yml +++ b/lib/gitlab/usage_data_counters/known_events/ci_templates.yml @@ -151,6 +151,10 @@ category: ci_templates redis_slot: ci_templates aggregation: weekly +- name: p_ci_templates_qualys_iac_security + category: ci_templates + redis_slot: ci_templates + aggregation: weekly - name: p_ci_templates_ios_fastlane category: ci_templates redis_slot: ci_templates |
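Review bot: In `already_imported?` in releases_importer.rb, `release.tag_name.nil?` skips only a missing tag, while the matching change to `valid?` in release_formatter.rb uses `raw_data.tag_name.present?` and so also rejects an empty string. Using `existing_tags.include?(release.tag_name) || release.tag_name.blank?` would keep the two importers consistent; whether the API can return an empty tag is not visible here. The predicate's name no longer describes the nil case, and `build` now mutates `existing_tags`, so each deserves a comment, for example `# Releases without a tag cannot be imported, so skip them here too` and `# Remember the tag so a duplicate later in the same import is skipped`. `build` continues past the end of its hunk.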