diff options
Diffstat (limited to '.gitlab')
39 files changed, 411 insertions, 234 deletions
diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS index 7143d32b2cd..0e6613eb48e 100644 --- a/.gitlab/CODEOWNERS +++ b/.gitlab/CODEOWNERS @@ -2,7 +2,7 @@ # project here: https://gitlab.com/gitlab-org/gitlab/-/project_members # As described in https://docs.gitlab.com/ee/user/project/code_owners.html -* @gitlab-org/maintainers/rails-backend @gitlab-org/maintainers/frontend @gitlab-org/maintainers/database @gl-quality/qe-maintainers @gl-quality/tooling-maintainers @gitlab-org/delivery @gitlab-org/maintainers/cicd-templates @nolith @gitlab-org/tw-leadership @gitlab-org/maintainers/kas-version-maintainers +* @gitlab-org/maintainers/rails-backend @gitlab-org/maintainers/frontend @gitlab-org/maintainers/database @gl-quality/qe-maintainers @gl-quality/tooling-maintainers @gitlab-org/delivery @gitlab-org/maintainers/cicd-templates @gitlab-org/tw-leadership @gitlab-org/maintainers/kas-version-maintainers .gitlab/CODEOWNERS @gitlab-org/development-leaders @gitlab-org/tw-leadership @@ -51,7 +51,7 @@ GITALY_SERVER_VERSION @project_278964_bot6 @gitlab-org/maintainers/rails-backend [Clickhouse] @gitlab-org/maintainers/clickhouse /db/click_house/ /ee/db/click_house/ -/**/click(_|-)?house/ +/**/click_house/ ## We list db/ subfolders explicitly as we don't want to match Clickhouse files [Database] @gitlab-org/maintainers/database @@ -460,7 +460,7 @@ lib/gitlab/checks/** /doc/administration/auditor_users.md @jglassman1 /doc/administration/auth/ @jglassman1 /doc/administration/backup_restore/ @axil -/doc/administration/cicd.md @marcel.amirault +/doc/administration/cicd.md @marcel.amirault @lyspin /doc/administration/clusters/ @phillipwells /doc/administration/compliance.md @eread /doc/administration/configure.md @axil @@ -472,7 +472,7 @@ lib/gitlab/checks/** /doc/administration/docs_self_host.md @axil /doc/administration/encrypted_configuration.md @axil /doc/administration/environment_variables.md @axil -/doc/administration/external_pipeline_validation.md @marcel.amirault +/doc/administration/external_pipeline_validation.md @marcel.amirault @lyspin /doc/administration/external_users.md @jglassman1 /doc/administration/feature_flags.md @axil /doc/administration/file_hooks.md @eread @ashrafkhamis @@ -509,8 +509,6 @@ lib/gitlab/checks/** /doc/administration/monitoring/performance/ @jglassman1 /doc/administration/monitoring/prometheus/gitlab_exporter.md @jglassman1 /doc/administration/monitoring/prometheus/index.md @axil -/doc/administration/monitoring/prometheus/pgbouncer_exporter.md @aqualls -/doc/administration/monitoring/prometheus/postgres_exporter.md @aqualls /doc/administration/monitoring/prometheus/registry_exporter.md @phillipwells /doc/administration/monitoring/prometheus/web_exporter.md @jglassman1 /doc/administration/nfs.md @axil @@ -523,8 +521,7 @@ lib/gitlab/checks/** /doc/administration/packages/ @marcel.amirault /doc/administration/packages/index.md @phillipwells /doc/administration/polling.md @axil -/doc/administration/postgresql/ @aqualls -/doc/administration/postgresql/multiple_databases.md @lciutacu +/doc/administration/postgresql/ @lciutacu /doc/administration/raketasks/ @axil /doc/administration/raketasks/ldap.md @jglassman1 /doc/administration/raketasks/praefect.md @eread @@ -541,7 +538,7 @@ lib/gitlab/checks/** /doc/administration/review_spam_logs.md @phillipwells /doc/administration/server_hooks.md @eread /doc/administration/settings/account_and_limit_settings.md @msedlakjakubowski -/doc/administration/settings/continuous_integration.md @marcel.amirault +/doc/administration/settings/continuous_integration.md @marcel.amirault @lyspin /doc/administration/settings/deprecated_api_rate_limits.md @msedlakjakubowski /doc/administration/settings/email.md @msedlakjakubowski /doc/administration/settings/external_authorization.md @jglassman1 @@ -552,21 +549,22 @@ lib/gitlab/checks/** /doc/administration/settings/import_export_rate_limits.md @eread @ashrafkhamis /doc/administration/settings/instance_template_repository.md @msedlakjakubowski /doc/administration/settings/jira_cloud_app.md @eread @ashrafkhamis +/doc/administration/settings/jira_cloud_app_troubleshooting.md @eread @ashrafkhamis /doc/administration/settings/package_registry_rate_limits.md @phillipwells /doc/administration/settings/project_integration_management.md @eread @ashrafkhamis /doc/administration/settings/push_event_activities_limit.md @msedlakjakubowski /doc/administration/settings/rate_limit_on_issues_creation.md @msedlakjakubowski /doc/administration/settings/rate_limit_on_notes_creation.md @msedlakjakubowski -/doc/administration/settings/rate_limit_on_pipelines_creation.md @marcel.amirault +/doc/administration/settings/rate_limit_on_pipelines_creation.md @marcel.amirault @lyspin /doc/administration/settings/rate_limit_on_projects_api.md @lciutacu /doc/administration/settings/rate_limit_on_users_api.md @jglassman1 /doc/administration/settings/rate_limits_on_git_ssh_operations.md @msedlakjakubowski /doc/administration/settings/scim_setup.md @jglassman1 /doc/administration/settings/security_and_compliance.md @rdickenson +/doc/administration/settings/security_contact_information.md @eread /doc/administration/settings/slack_app.md @eread @ashrafkhamis /doc/administration/settings/terraform_limits.md @phillipwells /doc/administration/settings/third_party_offers.md @lciutacu -/doc/administration/settings/usage_statistics.md @lciutacu /doc/administration/settings/visibility_and_access_controls.md @msedlakjakubowski /doc/administration/sidekiq/ @axil /doc/administration/sidekiq/sidekiq_memory_killer.md @jglassman1 @@ -578,7 +576,6 @@ lib/gitlab/checks/** /doc/administration/terraform_state.md @phillipwells /doc/administration/timezone.md @axil /doc/administration/troubleshooting/ @axil -/doc/administration/troubleshooting/postgresql.md @aqualls /doc/administration/uploads.md @axil /doc/administration/user_settings.md @jglassman1 /doc/api/access_requests.md @jglassman1 @@ -596,7 +593,6 @@ lib/gitlab/checks/** /doc/api/commits.md @msedlakjakubowski /doc/api/container_registry.md @marcel.amirault /doc/api/custom_attributes.md @msedlakjakubowski -/doc/api/database_migrations.md @aqualls /doc/api/dependencies.md @rdickenson /doc/api/dependency_list_export.md @rdickenson /doc/api/dependency_proxy.md @marcel.amirault @@ -655,19 +651,19 @@ lib/gitlab/checks/** /doc/api/issues_statistics.md @msedlakjakubowski /doc/api/iterations.md @msedlakjakubowski /doc/api/job_artifacts.md @marcel.amirault -/doc/api/jobs.md @marcel.amirault +/doc/api/jobs.md @marcel.amirault @lyspin /doc/api/keys.md @msedlakjakubowski /doc/api/labels.md @msedlakjakubowski /doc/api/license.md @fneill /doc/api/linked_epics.md @msedlakjakubowski -/doc/api/lint.md @marcel.amirault +/doc/api/lint.md @marcel.amirault @lyspin /doc/api/markdown.md @msedlakjakubowski /doc/api/member_roles.md @jglassman1 /doc/api/members.md @jglassman1 /doc/api/merge_request_approvals.md @msedlakjakubowski /doc/api/merge_request_context_commits.md @aqualls /doc/api/merge_requests.md @aqualls -/doc/api/merge_trains.md @marcel.amirault +/doc/api/merge_trains.md @marcel.amirault @lyspin /doc/api/metadata.md @phillipwells /doc/api/milestones.md @msedlakjakubowski /doc/api/namespaces.md @jglassman1 @@ -678,9 +674,9 @@ lib/gitlab/checks/** /doc/api/packages.md @phillipwells /doc/api/packages/ @phillipwells /doc/api/personal_access_tokens.md @eread -/doc/api/pipeline_schedules.md @marcel.amirault -/doc/api/pipeline_triggers.md @marcel.amirault -/doc/api/pipelines.md @marcel.amirault +/doc/api/pipeline_schedules.md @marcel.amirault @lyspin +/doc/api/pipeline_triggers.md @marcel.amirault @lyspin +/doc/api/pipelines.md @marcel.amirault @lyspin /doc/api/plan_limits.md @jglassman1 /doc/api/product_analytics.md @lciutacu /doc/api/project_access_tokens.md @jglassman1 @@ -729,36 +725,44 @@ lib/gitlab/checks/** /doc/api/tags.md @msedlakjakubowski /doc/api/templates/dockerfiles.md @msedlakjakubowski /doc/api/templates/gitignores.md @msedlakjakubowski -/doc/api/templates/gitlab_ci_ymls.md @marcel.amirault +/doc/api/templates/gitlab_ci_ymls.md @marcel.amirault @lyspin /doc/api/templates/licenses.md @rdickenson /doc/api/todos.md @msedlakjakubowski /doc/api/topics.md @lciutacu -/doc/api/usage_data.md @lciutacu /doc/api/users.md @jglassman1 /doc/api/version.md @phillipwells -/doc/api/visual_review_discussions.md @marcel.amirault +/doc/api/visual_review_discussions.md @marcel.amirault @lyspin /doc/api/vulnerabilities.md @rdickenson /doc/api/vulnerability_exports.md @rdickenson /doc/api/vulnerability_findings.md @rdickenson /doc/architecture/blueprints/cells/ @lciutacu /doc/architecture/blueprints/ci_builds_runner_fleet_metrics/ @fneill -/doc/architecture/blueprints/database/scalability/patterns/ @aqualls -/doc/architecture/blueprints/database_scaling/ @aqualls /doc/architecture/blueprints/google_artifact_registry_integration/ @marcel.amirault /doc/architecture/blueprints/organization/ @lciutacu -/doc/ci/ @marcel.amirault +/doc/ci/ @marcel.amirault @lyspin /doc/ci/chatops/ @phillipwells /doc/ci/cloud_deployment/ @phillipwells +/doc/ci/cloud_services/ @marcel.amirault /doc/ci/docker/using_docker_images.md @fneill /doc/ci/environments/ @phillipwells +/doc/ci/examples/authenticating-with-hashicorp-vault/ @marcel.amirault /doc/ci/examples/deployment/ @phillipwells /doc/ci/examples/semantic-release.md @phillipwells /doc/ci/interactive_web_terminal/ @fneill +/doc/ci/jobs/ @marcel.amirault +/doc/ci/jobs/index.md @marcel.amirault @lyspin +/doc/ci/jobs/job_control.md @marcel.amirault @lyspin +/doc/ci/pipelines/pipeline_security.md @marcel.amirault /doc/ci/resource_groups/ @phillipwells /doc/ci/runners/ @fneill +/doc/ci/secrets/ @marcel.amirault +/doc/ci/secure_files/ @marcel.amirault /doc/ci/services/ @fneill +/doc/ci/ssh_keys/ @marcel.amirault /doc/ci/test_cases/ @msedlakjakubowski /doc/ci/testing/code_quality.md @rdickenson +/doc/ci/variables/ @marcel.amirault +/doc/ci/yaml/signing_examples.md @marcel.amirault /doc/development/advanced_search.md @gitlab-org/search-team/migration-maintainers /doc/development/application_limits.md @gitlab-org/distribution /doc/development/audit_event_guide/ @gitlab-org/govern/security-policies-frontend @gitlab-org/govern/threat-insights-frontend-team @gitlab-org/govern/threat-insights-backend-team @@ -797,7 +801,6 @@ lib/gitlab/checks/** /doc/editor_extensions/ @aqualls /doc/gitlab-basics/ @msedlakjakubowski /doc/install/ @axil -/doc/install/postgresql_extensions.md @aqualls /doc/integration/ @jglassman1 /doc/integration/advanced_search/ @ashrafkhamis /doc/integration/akismet.md @phillipwells @@ -851,7 +854,6 @@ lib/gitlab/checks/** /doc/tutorials/update_commit_messages/ @msedlakjakubowski /doc/tutorials/website_project_with_analytics/ @lciutacu /doc/update/ @axil -/doc/update/background_migrations.md @aqualls /doc/user/ai_features.md @sselhorn /doc/user/analytics/ @lciutacu /doc/user/analytics/ci_cd_analytics.md @phillipwells @@ -866,20 +868,30 @@ lib/gitlab/checks/** /doc/user/emoji_reactions.md @msedlakjakubowski /doc/user/enterprise_user/ @jglassman1 /doc/user/gitlab_duo_chat.md @sselhorn -/doc/user/group/ @lciutacu +/doc/user/group/access_and_permissions.md @lciutacu /doc/user/group/clusters/ @phillipwells /doc/user/group/compliance_frameworks.md @eread +/doc/user/group/contribution_analytics/ @lciutacu /doc/user/group/custom_project_templates.md @msedlakjakubowski +/doc/user/group/devops_adoption/ @lciutacu /doc/user/group/epics/ @msedlakjakubowski /doc/user/group/import/ @eread @ashrafkhamis +/doc/user/group/index.md @lciutacu +/doc/user/group/insights/ @lciutacu +/doc/user/group/issues_analytics/ @lciutacu /doc/user/group/iterations/ @msedlakjakubowski +/doc/user/group/manage.md @lciutacu /doc/user/group/moderate_users.md @phillipwells /doc/user/group/planning_hierarchy/ @msedlakjakubowski /doc/user/group/reporting/ @phillipwells -/doc/user/group/repositories_analytics/ @marcel.amirault +/doc/user/group/repositories_analytics/ @marcel.amirault @lyspin /doc/user/group/roadmap/ @msedlakjakubowski /doc/user/group/saml_sso/ @jglassman1 /doc/user/group/settings/ @jglassman1 +/doc/user/group/ssh_certificates.md @msedlakjakubowski +/doc/user/group/subgroups/ @lciutacu +/doc/user/group/troubleshooting.md @lciutacu +/doc/user/group/value_stream_analytics/ @lciutacu /doc/user/infrastructure/ @phillipwells /doc/user/infrastructure/clusters/manage/management_project_applications/ @phillipwells /doc/user/infrastructure/clusters/manage/management_project_applications/runner.md @fneill @@ -935,8 +947,10 @@ lib/gitlab/checks/** /doc/user/project/repository/web_editor.md @ashrafkhamis /doc/user/project/settings/import_export.md @eread @ashrafkhamis /doc/user/project/settings/import_export_troubleshooting.md @eread @ashrafkhamis -/doc/user/project/settings/index.md @lciutacu +/doc/user/project/settings/migrate_projects.md @lciutacu /doc/user/project/settings/project_access_tokens.md @jglassman1 +/doc/user/project/settings/project_features_permissions.md @lciutacu +/doc/user/project/use_project_as_go_package.md @lciutacu /doc/user/project/web_ide/ @ashrafkhamis /doc/user/project/working_with_projects.md @lciutacu /doc/user/public_access.md @lciutacu @@ -959,6 +973,7 @@ lib/gitlab/checks/** /config/initializers/declarative_policy_cached_attributes.rb /app/policies/ /ee/app/policies/ +/ee/app/models/members/member_role.rb /ee/app/services/member_roles/ /ee/app/graphql/types/member_roles/ /ee/app/graphql/mutations/member_roles/ @@ -978,7 +993,7 @@ lib/gitlab/checks/** /app/assets/javascripts/pages/oauth/ /app/assets/javascripts/pages/omniauth_callbacks/ /app/assets/javascripts/pages/profiles/password_prompt/ -/app/assets/javascripts/pages/profiles/personal_access_tokens/ +/app/assets/javascripts/pages/user_settings/personal_access_tokens/ /app/assets/javascripts/pages/profiles/two_factor_auths/ /app/assets/javascripts/pages/projects/settings/access_tokens/ /app/assets/javascripts/pages/sessions/new/oauth_remember_me.js @@ -1004,7 +1019,7 @@ lib/gitlab/checks/** /app/controllers/omniauth_callbacks_controller.rb /app/controllers/passwords_controller.rb /app/controllers/profiles/passwords_controller.rb -/app/controllers/profiles/personal_access_tokens_controller.rb +/app/controllers/user_settings/personal_access_tokens_controller.rb /app/controllers/profiles/two_factor_auths_controller.rb /app/controllers/profiles/webauthn_registrations_controller.rb /app/controllers/projects/settings/access_tokens_controller.rb @@ -1076,7 +1091,7 @@ lib/gitlab/checks/** /app/views/notify/access_token_revoked_email.html.haml /app/views/notify/access_token_revoked_email.text.erb /app/views/profiles/passwords/ -/app/views/profiles/personal_access_tokens/ +/app/views/user_settings/personal_access_tokens/ /app/views/profiles/two_factor_auths/ /app/views/projects/mirrors/_authentication_method.html.haml /app/views/projects/settings/access_tokens/ @@ -1139,7 +1154,6 @@ lib/gitlab/checks/** /ee/app/models/concerns/password_complexity.rb /ee/app/models/ee/personal_access_token.rb /ee/app/models/ee/project_authorization.rb -/ee/app/models/members/member_role.rb /ee/app/models/scim_oauth_access_token.rb /ee/app/serializers/scim_oauth_access_token_entity.rb /ee/app/services/arkose/token_verification_service.rb @@ -1217,6 +1231,7 @@ lib/gitlab/checks/** /lib/tasks/gitlab/password.rake /lib/tasks/tokens.rake +# Necessary for GitLab availability [Verify] @gitlab-org/maintainers/cicd-verify @shinya.maeda @stanhu @ayufan # With these catch-all rules we will require backend approval and use it as an # opportunity to refine specific rules defined in this section. @@ -1368,6 +1383,7 @@ lib/gitlab/checks/** /lib/gitlab/ci/templates/Jobs/SAST.*.yml @gitlab-org/secure/static-analysis /lib/gitlab/ci/templates/Jobs/Secret-Detection.*.yml @gitlab-org/secure/static-analysis +# Require approvals for Project API entities affecting availability [Data Stores::Tenant Scale] @abdwdd @alexpooley @manojmj lib/api/entities/basic_project_details.rb lib/api/entities/project_with_access.rb @@ -1375,7 +1391,7 @@ lib/api/entities/project_identity.rb lib/api/entities/project.rb ee/lib/ee/api/entities/project.rb -[Compliance] @gitlab-org/govern/compliance +[Compliance] @gitlab-org/govern/compliance/engineering /app/services/audit_events/build_service.rb /ee/app/services/ee/audit_events/build_service.rb /ee/spec/services/audit_events/custom_audit_event_service_spec.rb @@ -1416,27 +1432,24 @@ ee/lib/ee/api/entities/project.rb /ee/app/graphql/mutations/audit_events/ /ee/app/models/concerns/audit_events/ /ee/app/views/projects/audit_events/ -/app/controllers/groups/releases_controller.rb -/app/controllers/projects/releases/evidences_controller.rb -/app/workers/releases/create_evidence_worker.rb -/app/workers/releases/manage_evidence_worker.rb ^[Fulfillment::Utilization] @sheldonled @aalakkad @kpalchyk /ee/app/assets/javascripts/usage_quotas/components/ /ee/app/assets/javascripts/usage_quotas/seats/ /ee/app/assets/javascripts/usage_quotas/storage/ -[Manage::Foundations] @gitlab-org/manage/foundations/engineering +^[Manage::Foundations] @gitlab-org/manage/foundations/engineering /lib/sidebars/ /ee/lib/sidebars/ /ee/lib/ee/sidebars/ +# Necessary for availablity, similar to DB migrations [Global Search] @gitlab-org/search-team/migration-maintainers /ee/elastic/migrate/ /ee/spec/elastic/migrate/ /ee/spec/support/elastic.rb -[Create::IDE - Remote Development Backend] @gitlab-org/maintainers/remote-development/backend +^[Create::IDE - Remote Development Backend] @gitlab-org/maintainers/remote-development/backend /ee/app/models/remote_development/ /ee/app/policies/remote_development/ /ee/app/finders/remote_development/ @@ -1462,14 +1475,14 @@ ee/lib/ee/api/entities/project.rb /ee/spec/services/remote_development/ /qa/qa/specs/features/**/remote_development/ @gitlab-org/maintainers/remote-development/backend @gl-quality/qe-maintainers -[Create::IDE - Remote Development Frontend] @gitlab-org/maintainers/remote-development/frontend +^[Create::IDE - Remote Development Frontend] @gitlab-org/maintainers/remote-development/frontend /ee/app/assets/remote_development/ /ee/app/assets/**/remote_development/ /ee/app/views/remote_development/ /ee/spec/frontend/remote_development/ /ee/spec/frontend/**/remote_development/ -[Govern::Anti-abuse] @gitlab-org/modelops/anti-abuse +^[Govern::Anti-abuse] @gitlab-org/modelops/anti-abuse /ee/app/controllers/users/identity_verification_controller.rb /ee/app/models/concerns/identity_verifiable.rb /ee/config/routes/identity_verification.rb @@ -1477,6 +1490,9 @@ ee/lib/ee/api/entities/project.rb [Deploy:Environments - KAS Version Maintainers] @gitlab-org/maintainers/kas-version-maintainers /GITLAB_KAS_VERSION +^[DiffMatchPatch gem] +/vendor/gems/diff_match_patch @garyh + # JiHu GitLab rules. See https://gitlab.com/gitlab-jh/gitlab-jh-enablement/-/issues/213#note_1024367528 [JH Frontend] @jihulab/maintainers/frontend diff --git a/.gitlab/ci/database.gitlab-ci.yml b/.gitlab/ci/database.gitlab-ci.yml index 285c99d2cbe..b01ba247ce7 100644 --- a/.gitlab/ci/database.gitlab-ci.yml +++ b/.gitlab/ci/database.gitlab-ci.yml @@ -36,7 +36,7 @@ db:rollback: - .db-job-base - .rails:rules:db-rollback script: - - bundle exec rake db:migrate VERSION=20220502173045 # 14.10 (last 14.x version) + - bundle exec rake db:migrate VERSION=20221111123146 # 15.7 - bundle exec rake db:migrate db:rollback single-db: diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml index 2afa69bbff8..9d78fb102f9 100644 --- a/.gitlab/ci/frontend.gitlab-ci.yml +++ b/.gitlab/ci/frontend.gitlab-ci.yml @@ -153,7 +153,7 @@ retrieve-frontend-fixtures: - run_timed_command "gem install knapsack --no-document" - section_start "gitaly-test-spawn" "Spawning Gitaly"; scripts/gitaly-test-spawn; section_end "gitaly-test-spawn"; # Do not use 'bundle exec' here - source ./scripts/rspec_helpers.sh - - rspec_paralellized_job + - rspec_parallelized_job artifacts: name: frontend-fixtures expire_in: 31d @@ -306,6 +306,42 @@ jest-integration: - run_timed_command "yarn jest:integration --ci" needs: ["rspec-all frontend_fixture", "graphql-schema-dump"] +jest-snapshot-vue3: + extends: + - .jest-base + - .frontend:rules:jest-snapshot + needs: ["rspec-all frontend_fixture"] + variables: + VUE_VERSION: 3 + JEST_REPORT: jest-test-report.json + SNAPSHOT_TEST_REPORT: jest-snapshot-test-report.json + script: + - | + yarn jest:snapshots --ci --json --outputFile="${JEST_REPORT}" || echo 'Proceed to parsing test report...' + echo $(ruby -rjson -e 'puts JSON.generate(JSON.parse(File.read(ENV["JEST_REPORT"])).dig("snapshot"))') > "${SNAPSHOT_TEST_REPORT}" + + echo " ============= snapshot test report start ==============" + cat "${SNAPSHOT_TEST_REPORT}" + echo " ============= snapshot test report end ================" + + snapshot_test_failed=$(ruby -rjson -e 'puts JSON.parse(File.read(ENV["SNAPSHOT_TEST_REPORT"])).dig("failure")') + if [[ "${snapshot_test_failed}" == "true" ]] + then + echo "You have failed snapshot tests! Exiting 1..." + exit 1 + else + echo 'All snapshot tests passed! Exiting 0...' + exit 0 + fi + + artifacts: + name: snapshot_tests + expire_in: 31d + when: always + paths: + - jest-snapshot-test-match.json + - jest-snapshot-test-report.json + coverage-frontend: extends: - .default-retry diff --git a/.gitlab/ci/gitlab-com/danger-review.gitlab-ci.yml b/.gitlab/ci/gitlab-com/danger-review.gitlab-ci.yml index 8328051f1a0..ad7cc2f44c0 100644 --- a/.gitlab/ci/gitlab-com/danger-review.gitlab-ci.yml +++ b/.gitlab/ci/gitlab-com/danger-review.gitlab-ci.yml @@ -1,6 +1,6 @@ include: - project: gitlab-org/quality/pipeline-common - ref: 7.10.3 + ref: 8.2.0 file: - /ci/danger-review.yml diff --git a/.gitlab/ci/gitlab-gems.gitlab-ci.yml b/.gitlab/ci/gitlab-gems.gitlab-ci.yml index cc8a058d354..802ad9a5a8a 100644 --- a/.gitlab/ci/gitlab-gems.gitlab-ci.yml +++ b/.gitlab/ci/gitlab-gems.gitlab-ci.yml @@ -19,7 +19,7 @@ include: gem_name: "ipynbdiff" - local: .gitlab/ci/templates/gem.gitlab-ci.yml inputs: - gem_name: "rspec_flaky" + gem_name: "gitlab-rspec_flaky" - local: .gitlab/ci/templates/gem.gitlab-ci.yml inputs: gem_name: "gitlab-safe_request_store" @@ -32,3 +32,12 @@ include: - local: .gitlab/ci/templates/gem.gitlab-ci.yml inputs: gem_name: "gitlab-backup-cli" + - local: .gitlab/ci/templates/gem.gitlab-ci.yml + inputs: + gem_name: "gitlab-secret_detection" + - local: .gitlab/ci/templates/gem.gitlab-ci.yml + inputs: + gem_name: "gitlab-database-load_balancing" + - local: .gitlab/ci/templates/gem.gitlab-ci.yml + inputs: + gem_name: "gitlab-database-lock_retries" diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml index 37d91fae595..dc006a3ce24 100644 --- a/.gitlab/ci/global.gitlab-ci.yml +++ b/.gitlab/ci/global.gitlab-ci.yml @@ -278,7 +278,7 @@ .zoekt-services: services: - - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.2 + - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.5 alias: zoekt-ci-image .use-pg13: @@ -468,7 +468,6 @@ services: - docker:${DOCKER_VERSION}-dind variables: - DOCKER_DRIVER: overlay2 DOCKER_HOST: tcp://docker:2375 DOCKER_TLS_CERTDIR: "" tags: diff --git a/.gitlab/ci/package-and-test/main.gitlab-ci.yml b/.gitlab/ci/package-and-test/main.gitlab-ci.yml index 21dd8f957d4..afd66a36b0a 100644 --- a/.gitlab/ci/package-and-test/main.gitlab-ci.yml +++ b/.gitlab/ci/package-and-test/main.gitlab-ci.yml @@ -30,19 +30,6 @@ download-fast-quarantine-report: - .download-fast-quarantine-report - .rules:download-fast-quarantine-report -cache-gems: - extends: - - .qa-install - - .ruby-image - - .rules:update-cache - stage: .pre - tags: - - e2e - script: - - echo "Populated qa cache" - cache: - policy: pull-push - # ========================================== # Test stage # ========================================== @@ -76,8 +63,8 @@ instance-ff-inverse: - .parallel variables: QA_SCENARIO: Test::Instance::Image - QA_KNAPSACK_REPORT_NAME: ee-instance - GITLAB_QA_OPTS: --set-feature-flags $QA_FEATURE_FLAGS + QA_KNAPSACK_REPORT_NAME: instance + QA_FEATURE_FLAGS: $FEATURE_FLAGS rules: - !reference [.rules:test:feature-flags-set, rules] @@ -167,7 +154,7 @@ decomposition-single-db: - .parallel variables: QA_SCENARIO: Test::Instance::Image - GITLAB_QA_OPTS: --omnibus-config decomposition_single_db $EXTRA_GITLAB_QA_OPTS + GITLAB_QA_OPTS: --omnibus-config decomposition_single_db rules: - !reference [.rules:test:smoke-for-omnibus-mr, rules] - !reference [.rules:test:qa-parallel, rules] @@ -177,7 +164,7 @@ decomposition-single-db-selective: extends: .qa variables: QA_SCENARIO: Test::Instance::Image - GITLAB_QA_OPTS: --omnibus-config decomposition_single_db $EXTRA_GITLAB_QA_OPTS + GITLAB_QA_OPTS: --omnibus-config decomposition_single_db rules: - !reference [.rules:test:qa-selective, rules] - if: $QA_SUITES =~ /Test::Instance::All/ @@ -188,7 +175,7 @@ decomposition-single-db-selective-parallel: - .parallel variables: QA_SCENARIO: Test::Instance::Image - GITLAB_QA_OPTS: --omnibus-config decomposition_single_db $EXTRA_GITLAB_QA_OPTS + GITLAB_QA_OPTS: --omnibus-config decomposition_single_db rules: - !reference [.rules:test:qa-selective-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::All/ @@ -204,7 +191,7 @@ decomposition-multiple-db: variables: QA_SCENARIO: Test::Instance::Image GITLAB_ALLOW_SEPARATE_CI_DATABASE: "true" - GITLAB_QA_OPTS: --omnibus-config decomposition_multiple_db $EXTRA_GITLAB_QA_OPTS + GITLAB_QA_OPTS: --omnibus-config decomposition_multiple_db rules: - !reference [.rules:test:smoke-for-omnibus-mr, rules] - !reference [.rules:test:qa-parallel, rules] @@ -215,7 +202,7 @@ decomposition-multiple-db-selective: variables: QA_SCENARIO: Test::Instance::Image GITLAB_ALLOW_SEPARATE_CI_DATABASE: "true" - GITLAB_QA_OPTS: --omnibus-config decomposition_multiple_db $EXTRA_GITLAB_QA_OPTS + GITLAB_QA_OPTS: --omnibus-config decomposition_multiple_db rules: - !reference [.rules:test:qa-selective, rules] - if: $QA_SUITES =~ /Test::Instance::All/ @@ -227,7 +214,7 @@ decomposition-multiple-db-selective-parallel: variables: QA_SCENARIO: Test::Instance::Image GITLAB_ALLOW_SEPARATE_CI_DATABASE: "true" - GITLAB_QA_OPTS: --omnibus-config decomposition_multiple_db $EXTRA_GITLAB_QA_OPTS + GITLAB_QA_OPTS: --omnibus-config decomposition_multiple_db rules: - !reference [.rules:test:qa-selective-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::All/ @@ -244,7 +231,7 @@ object-storage: variables: QA_SCENARIO: Test::Instance::Image QA_RSPEC_TAGS: --tag object_storage - GITLAB_QA_OPTS: --omnibus-config object_storage $EXTRA_GITLAB_QA_OPTS + GITLAB_QA_OPTS: --omnibus-config object_storage rules: - !reference [.rules:test:qa-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::ObjectStorage/ @@ -254,7 +241,7 @@ object-storage-selective: variables: QA_SCENARIO: Test::Instance::Image QA_RSPEC_TAGS: --tag object_storage - GITLAB_QA_OPTS: --omnibus-config object_storage $EXTRA_GITLAB_QA_OPTS + GITLAB_QA_OPTS: --omnibus-config object_storage rules: - !reference [.rules:test:qa-selective, rules] - if: $QA_SUITES =~ /Test::Instance::ObjectStorage/ @@ -265,7 +252,7 @@ object-storage-selective-parallel: variables: QA_SCENARIO: Test::Instance::Image QA_RSPEC_TAGS: --tag object_storage - GITLAB_QA_OPTS: --omnibus-config object_storage $EXTRA_GITLAB_QA_OPTS + GITLAB_QA_OPTS: --omnibus-config object_storage rules: - !reference [.rules:test:qa-selective-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::ObjectStorage/ @@ -283,7 +270,7 @@ object-storage-aws: AWS_S3_BUCKET_NAME: $QA_AWS_S3_BUCKET_NAME AWS_S3_KEY_ID: $QA_AWS_S3_KEY_ID AWS_S3_REGION: $QA_AWS_S3_REGION - GITLAB_QA_OPTS: --omnibus-config object_storage_aws $EXTRA_GITLAB_QA_OPTS + GITLAB_QA_OPTS: --omnibus-config object_storage_aws object-storage-aws-selective: extends: object-storage-selective @@ -292,7 +279,7 @@ object-storage-aws-selective: AWS_S3_BUCKET_NAME: $QA_AWS_S3_BUCKET_NAME AWS_S3_KEY_ID: $QA_AWS_S3_KEY_ID AWS_S3_REGION: $QA_AWS_S3_REGION - GITLAB_QA_OPTS: --omnibus-config object_storage_aws $EXTRA_GITLAB_QA_OPTS + GITLAB_QA_OPTS: --omnibus-config object_storage_aws object-storage-aws-selective-parallel: extends: object-storage-selective-parallel @@ -301,7 +288,7 @@ object-storage-aws-selective-parallel: AWS_S3_BUCKET_NAME: $QA_AWS_S3_BUCKET_NAME AWS_S3_KEY_ID: $QA_AWS_S3_KEY_ID AWS_S3_REGION: $QA_AWS_S3_REGION - GITLAB_QA_OPTS: --omnibus-config object_storage_aws $EXTRA_GITLAB_QA_OPTS + GITLAB_QA_OPTS: --omnibus-config object_storage_aws # ========== object-storage-gcs =========== @@ -315,7 +302,7 @@ object-storage-gcs: GOOGLE_PROJECT: $QA_GOOGLE_PROJECT GOOGLE_JSON_KEY: $QA_GOOGLE_JSON_KEY GOOGLE_CLIENT_EMAIL: $QA_GOOGLE_CLIENT_EMAIL - GITLAB_QA_OPTS: --omnibus-config object_storage_gcs $EXTRA_GITLAB_QA_OPTS + GITLAB_QA_OPTS: --omnibus-config object_storage_gcs object-storage-gcs-selective: extends: object-storage-selective @@ -324,7 +311,7 @@ object-storage-gcs-selective: GOOGLE_PROJECT: $QA_GOOGLE_PROJECT GOOGLE_JSON_KEY: $QA_GOOGLE_JSON_KEY GOOGLE_CLIENT_EMAIL: $QA_GOOGLE_CLIENT_EMAIL - GITLAB_QA_OPTS: --omnibus-config object_storage_gcs $EXTRA_GITLAB_QA_OPTS + GITLAB_QA_OPTS: --omnibus-config object_storage_gcs object-storage-gcs-selective-parallel: extends: object-storage-selective-parallel @@ -333,7 +320,7 @@ object-storage-gcs-selective-parallel: GOOGLE_PROJECT: $QA_GOOGLE_PROJECT GOOGLE_JSON_KEY: $QA_GOOGLE_JSON_KEY GOOGLE_CLIENT_EMAIL: $QA_GOOGLE_CLIENT_EMAIL - GITLAB_QA_OPTS: --omnibus-config object_storage_gcs $EXTRA_GITLAB_QA_OPTS + GITLAB_QA_OPTS: --omnibus-config object_storage_gcs # ------------------------------------------ # Non parallel jobs @@ -371,10 +358,14 @@ oauth: - .qa - .failure-videos variables: - QA_SCENARIO: Test::Integration::OAuth + QA_SCENARIO: Test::Instance::Image + QA_GITLAB_HOSTNAME: "gitlab" + QA_GITLAB_USE_TLS: "true" + QA_RSPEC_TAGS: --tag oauth + GITLAB_QA_OPTS: --omnibus-config facebook_oauth --omnibus-config github_oauth rules: - !reference [.rules:test:qa-default-branch, rules] - - if: $QA_SUITES =~ /Test::Integration::OAuth/ + - if: $QA_SUITES =~ /Test::Instance::All/ - !reference [.rules:test:manual, rules] instance-saml: @@ -567,7 +558,7 @@ registry-object-storage-tls: QA_SCENARIO: Test::Integration::RegistryTLS QA_RSPEC_TAGS: "" GITLAB_TLS_CERTIFICATE: $QA_GITLAB_TLS_CERTIFICATE - GITLAB_QA_OPTS: --omnibus-config registry_object_storage $EXTRA_GITLAB_QA_OPTS + GITLAB_QA_OPTS: --omnibus-config registry_object_storage importers: extends: @@ -593,7 +584,6 @@ update-minor: QA_RSPEC_TAGS: --tag smoke rules: - !reference [.rules:test:update, rules] - - if: $QA_SUITES =~ /Test::Instance::Smoke/ - !reference [.rules:test:manual, rules] update-major: @@ -605,7 +595,6 @@ update-major: QA_RSPEC_TAGS: --tag smoke rules: - !reference [.rules:test:update, rules] - - if: $QA_SUITES =~ /Test::Instance::Smoke/ - !reference [.rules:test:manual, rules] update-ee-to-ce: @@ -619,7 +608,6 @@ update-ee-to-ce: rules: - !reference [.rules:test:ce-only, rules] - !reference [.rules:test:update, rules] - - if: $QA_SUITES =~ /Test::Instance::Smoke/ - !reference [.rules:test:manual, rules] # ========================================== diff --git a/.gitlab/ci/preflight.gitlab-ci.yml b/.gitlab/ci/preflight.gitlab-ci.yml index 6a2ea85f393..6723608d0db 100644 --- a/.gitlab/ci/preflight.gitlab-ci.yml +++ b/.gitlab/ci/preflight.gitlab-ci.yml @@ -44,7 +44,9 @@ rails-production-server-boot-puma-cng: extends: - .rails-production-server-boot script: - - curl --silent https://gitlab.com/gitlab-org/build/CNG/-/raw/master/gitlab-webservice/configuration/puma.rb > config/puma.rb + - define_trigger_branch_in_build_env + - echo "TRIGGER_BRANCH is defined as ${TRIGGER_BRANCH}" + - curl --silent "https://gitlab.com/gitlab-org/build/CNG/-/raw/${TRIGGER_BRANCH}/gitlab-webservice/configuration/puma.rb" > config/puma.rb - sed --in-place "s:/srv/gitlab:${PWD}:" config/puma.rb - bundle exec puma --environment production --config config/puma.rb & - sleep 40 # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114124#note_1309506358 @@ -75,5 +77,5 @@ qa:selectors: qa:selectors-as-if-foss: extends: - qa:selectors - - .qa:rules:as-if-foss + - .qa:rules:selectors-as-if-foss - .as-if-foss diff --git a/.gitlab/ci/qa-common/main.gitlab-ci.yml b/.gitlab/ci/qa-common/main.gitlab-ci.yml index 487acbc9f03..836f1559264 100644 --- a/.gitlab/ci/qa-common/main.gitlab-ci.yml +++ b/.gitlab/ci/qa-common/main.gitlab-ci.yml @@ -5,16 +5,17 @@ workflow: name: $PIPELINE_NAME include: - - component: "gitlab.com/gitlab-org/quality/pipeline-common/allure-report@8.0.0" + - component: "gitlab.com/gitlab-org/quality/pipeline-common/allure-report@8.2.0" inputs: job_name: "e2e-test-report" job_stage: "report" + report_title: "E2E Test Result Summary" aws_access_key_id_variable_name: "QA_ALLURE_AWS_ACCESS_KEY_ID" aws_secret_access_key_variable_name: "QA_ALLURE_AWS_SECRET_ACCESS_KEY" gitlab_auth_token_variable_name: "PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE" allure_job_name: "${QA_RUN_TYPE}" - project: gitlab-org/quality/pipeline-common - ref: 7.10.2 + ref: 8.2.0 file: - /ci/base.gitlab-ci.yml - /ci/knapsack-report.yml @@ -68,7 +69,6 @@ stages: QA_INTERCEPT_REQUESTS: "true" GITLAB_LICENSE_MODE: test GITLAB_QA_ADMIN_ACCESS_TOKEN: $QA_ADMIN_ACCESS_TOKEN - GITLAB_QA_OPTS: $EXTRA_GITLAB_QA_OPTS before_script: - !reference [.qa-base, before_script] # Prepend the file paths with the absolute path from inside the container since the files will be read from there @@ -87,11 +87,11 @@ stages: KNAPSACK_DIR: ${CI_PROJECT_DIR}/qa/knapsack GIT_STRATEGY: none script: - - echo "KNAPSACK_TEST_FILE_PATTERN is ${KNAPSACK_TEST_FILE_PATTERN}" - # when using qa-image, code runs in /home/gitlab/qa folder - bundle exec rake "knapsack:download[test]" - - '[ -n "$QA_TESTS" ] && bundle exec rake "knapsack:create_reports_for_selective"' - - mkdir -p "$KNAPSACK_DIR" && cp knapsack/*.json "${KNAPSACK_DIR}/" + - bundle exec rake "knapsack:create_reports_for_selective" + after_script: + # when using qa-image, code runs in /home/gitlab/qa folder + - mkdir -p "$KNAPSACK_DIR" && cp /home/gitlab/qa/knapsack/*.json "${KNAPSACK_DIR}/" allow_failure: true artifacts: paths: @@ -167,6 +167,7 @@ stages: stage: notify variables: QA_RSPEC_XML_FILE_PATTERN: "${CI_PROJECT_DIR}/gitlab-qa-run-*/**/rspec-*.xml" + GITLAB_API_TOKEN: $PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE SLACK_ICON_EMOJI: ci_failing STATUS_SYM: ☠️ STATUS: failed diff --git a/.gitlab/ci/qa-common/rules.gitlab-ci.yml b/.gitlab/ci/qa-common/rules.gitlab-ci.yml index 7fa66fa4384..31f84441926 100644 --- a/.gitlab/ci/qa-common/rules.gitlab-ci.yml +++ b/.gitlab/ci/qa-common/rules.gitlab-ci.yml @@ -1,3 +1,6 @@ +include: + - local: .gitlab/ci/rules.gitlab-ci.yml + # Specific specs passed .specs-specified: &specs-specified if: $QA_TESTS != "" @@ -8,16 +11,12 @@ # FF changes .feature-flags-set: &feature-flags-set - if: $QA_FEATURE_FLAGS =~ /enabled|disabled/ + if: $FEATURE_FLAGS =~ /enabled|disabled/ # Specific specs specified .spec-file-specified: &spec-file-specified if: $QA_TESTS =~ /_spec\.rb/ -# code pattern changes -.code-pattern-changes: &code-pattern-changes - if: $MR_CODE_PATTERNS == "true" - # Specs directory specified .spec-directory-specified: &spec-directory-specified if: $QA_TESTS != "" && $QA_TESTS !~ /_spec\.rb/ @@ -34,7 +33,7 @@ # Run all tests when QA framework changes present, full suite execution is explicitly enabled or a feature flag file is removed .qa-run-all-tests: &qa-run-all-tests - if: $QA_FRAMEWORK_CHANGES == "true" || $QA_RUN_ALL_TESTS == "true" || $QA_RUN_ALL_E2E_LABEL == "true" || $QA_FEATURE_FLAGS =~ /deleted/ + if: $QA_FRAMEWORK_CHANGES == "true" || $QA_RUN_ALL_TESTS == "true" || $QA_RUN_ALL_E2E_LABEL == "true" || $FEATURE_FLAGS =~ /deleted/ # Run job when MR has pipeline:run-all-e2e label .qa-run-all-e2e-label: &qa-run-all-e2e-label @@ -64,10 +63,6 @@ rules: - when: always -.rules:update-cache: - rules: - - if: '$UPDATE_QA_CACHE == "true"' - .rules:download-knapsack: rules: - when: always @@ -151,11 +146,10 @@ # these jobs need gitlab version because we can't reliably detect it from just the image - if: $GITLAB_SEMVER_VERSION !~ /^\d+\.\d+\.\d+/ when: never - # $QA_SUPER_SIDEBAR_ENABLED is now only present as a variable when testing old nav so we skip update jobs - # in pipeline where it is explicitly disabled - - if: $QA_SUPER_SIDEBAR_ENABLED - when: never - - !reference [.rules:test:qa, rules] + # update jobs are only relevant in testing app updates that can be affected by code changes only + # by checking code patterns, skip running job on changes that can't affect the outcome + - !reference [.qa:rules:code-merge-request, rules] + - *default-branch .rules:test:never-schedule-pipeline: rules: diff --git a/.gitlab/ci/qa-common/variables.gitlab-ci.yml b/.gitlab/ci/qa-common/variables.gitlab-ci.yml index a449d960cff..bc756b6808a 100644 --- a/.gitlab/ci/qa-common/variables.gitlab-ci.yml +++ b/.gitlab/ci/qa-common/variables.gitlab-ci.yml @@ -6,9 +6,9 @@ variables: REGISTRY_GROUP: "gitlab-org" ALLURE_JOB_NAME: $CI_PROJECT_NAME COLORIZED_LOGS: "true" + FEATURE_FLAGS: "" QA_LOG_LEVEL: "info" QA_TESTS: "" - QA_FEATURE_FLAGS: "" # run all tests by default when package-and-test is included natively in other projects # this will be overridden when selective test execution is used in gitlab canonical project QA_RUN_ALL_TESTS: "true" diff --git a/.gitlab/ci/qa.gitlab-ci.yml b/.gitlab/ci/qa.gitlab-ci.yml index 7c72c301aef..d26df15412f 100644 --- a/.gitlab/ci/qa.gitlab-ci.yml +++ b/.gitlab/ci/qa.gitlab-ci.yml @@ -53,24 +53,21 @@ qa:internal-as-if-foss: - .qa:rules:internal-as-if-foss - .as-if-foss -qa:master-auto-quarantine-dequarantine: - extends: - - .qa-job-base - rules: - - if: '$QA_TRIGGER_AUTO_QUARANTINE =~ /true|yes|1/i' - script: - - bundle exec confiner -r .confiner/master.yml - allow_failure: true - -qa:update-qa-cache: +cache-qa-gems: extends: - .qa-job-base - .qa-cache-push - - .shared:rules:update-cache + - .qa:rules:update-gem-cache stage: prepare script: - echo "Cache has been updated and ready to be uploaded." +# E2E runners have separate infra setup and different cache bucket +cache-qa-gems-e2e-runners: + extends: cache-qa-gems + tags: + - e2e + trigger-omnibus: stage: qa extends: diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index 385b0e8b68b..7efcc4b58a3 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -305,6 +305,20 @@ rspec-ee unit clickhouse: - .rspec-base-pg14-clickhouse23 - .rails:rules:clickhouse-changes +gitlab:clickhouse:rollback:main: + extends: + - .rspec-base + - .production # Disable webmock from test environment + - .use-pg14-clickhouse23 + - .rails:rules:clickhouse-changes + script: + - cp config/click_house.yml.example config/click_house.yml + - 'sed -i "s|url:.*$|url: http://clickhouse:8123|g" config/click_house.yml' + - 'sed -i "s|test:$|production:|g" config/click_house.yml' + - !reference [.base-script, script] + - bundle exec rake gitlab:clickhouse:migrate && + bundle exec rake gitlab:clickhouse:rollback:main VERSION=0 + gitlab:setup: extends: .db-job-base variables: @@ -327,21 +341,13 @@ gitlab:setup: # These intermediate jobs allow us to collect the artifacts of # more than 50 jobs and still use `needs:` to ensure a timely execution .artifact-collector: + extends: .base-artifacts stage: post-test variables: GIT_STRATEGY: none image: alpine:3.17 script: - - mkdir -p coverage deprecations rspec auto_explain - - ls coverage/ deprecations/ rspec/ auto_explain/ - artifacts: - expire_in: 7d - when: always - paths: - - coverage/ - - deprecations/ - - rspec/ - - auto_explain/ + - ls -R rspec:artifact-collector unit: extends: @@ -751,41 +757,54 @@ rspec system pg14-as-if-foss clusterwide-db: - .clusterwide-db - .rails:rules:clusterwide-db -rspec-ee unit gitlab-duo-chat pg14: +.rspec-ee-base-gitlab-duo: + extends: + - .rspec-ee-base-pg14 variables: REAL_AI_REQUEST: "true" - RSPEC_RETRY_RETRY_COUNT: 0 + +rspec-ee unit gitlab-duo-chat-zeroshot pg14: extends: - - .rspec-ee-base-pg14 - - .rails:rules:ee-gitlab-duo-chat-base - parallel: - matrix: - - DUO_RSPEC: ["lib/gitlab/llm/chain/agents/zero_shot/executor_real_requests_spec.rb", "support_specs/helpers/chat_qa_evaluation_helpers_spec.rb"] + - .rspec-ee-base-gitlab-duo + - .rails:rules:ee-gitlab-duo-chat-optional + script: + - !reference [.base-script, script] + - rspec_parallelized_job "--tag zeroshot_executor" + +rspec-ee unit gitlab-duo-chat-qa-fast pg14: + extends: + - .rspec-ee-base-gitlab-duo + - .rails:rules:ee-gitlab-duo-chat-always script: - !reference [.base-script, script] - - bundle exec rspec -Ispec -rspec_helper --failure-exit-code 0 --tag real_ai_request --color -- ee/spec/${DUO_RSPEC} + - rspec_parallelized_job "--tag fast_chat_qa_evaluation" + +rspec-ee unit gitlab-duo pg14: + extends: + - .rspec-ee-base-gitlab-duo + - .rails:rules:ee-gitlab-duo-chat-always + script: + - !reference [.base-script, script] + - rspec_parallelized_job "--tag gitlab_duo" rspec-ee unit gitlab-duo-chat-qa pg14: variables: - REAL_AI_REQUEST: "true" + QA_EVAL_REPORT_FILENAME: "qa_evaluation_report.md" RSPEC_RETRY_RETRY_COUNT: 0 extends: - - .rspec-ee-base-pg14 - - .rails:rules:ee-gitlab-duo-chat-base - parallel: - matrix: - - DUO_RSPEC: ["qa_epic_spec.rb", "qa_issue_spec.rb"] + - .rspec-ee-base-gitlab-duo + - .rails:rules:ee-gitlab-duo-chat-qa-full script: - !reference [.base-script, script] - source ./scripts/utils.sh - install_gitlab_gem - - bundle exec rspec -Ispec -rspec_helper --failure-exit-code 0 --tag real_ai_request --color -- ee/spec/lib/gitlab/llm/chain/agents/zero_shot/${DUO_RSPEC} + - bundle exec rspec -Ispec -rspec_helper --failure-exit-code 0 --color --tag chat_qa_evaluation -- ee/spec/lib/gitlab/llm/chain/agents/zero_shot/qa_evaluation_spec.rb - ./scripts/duo_chat/reporter.rb artifacts: expire_in: 5d paths: - tmp/duo_chat/qa*.json - - "${DUO_RSPEC}.md" + - "${QA_EVAL_REPORT_FILENAME}" rspec-ee migration pg14: extends: diff --git a/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb b/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb index 4584cba0282..8a36848b363 100644 --- a/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb +++ b/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb @@ -39,7 +39,7 @@ dont-interrupt-me: RSPEC_TESTS_MAPPING_ENABLED: "true" script: - !reference [.base-script, script] - - rspec_paralellized_job "--fail-fast=${RSPEC_FAIL_FAST_THRESHOLD} --tag ~quarantine --tag ~level:background_migration --tag ~zoekt --tag ~click_house" + - rspec_parallelized_job "--fail-fast=${RSPEC_FAIL_FAST_THRESHOLD} --tag ~quarantine --tag ~level:background_migration --tag ~zoekt --tag ~click_house" artifacts: expire_in: 7d paths: @@ -54,7 +54,7 @@ rspec migration foss-impact: <% end %> script: - !reference [.base-script, script] - - rspec_paralellized_job "--fail-fast=${RSPEC_FAIL_FAST_THRESHOLD} --tag ~quarantine --tag ~zoekt --tag ~click_house" + - rspec_parallelized_job "--fail-fast=${RSPEC_FAIL_FAST_THRESHOLD} --tag ~quarantine --tag ~zoekt --tag ~click_house" <% end %> <% if rspec_files_per_test_level[:background_migration][:files].size > 0 %> diff --git a/.gitlab/ci/rails/shared.gitlab-ci.yml b/.gitlab/ci/rails/shared.gitlab-ci.yml index 6046c672f7b..3194ac0c26f 100644 --- a/.gitlab/ci/rails/shared.gitlab-ci.yml +++ b/.gitlab/ci/rails/shared.gitlab-ci.yml @@ -67,6 +67,7 @@ include: RECORD_DEPRECATIONS: "true" GEO_SECONDARY_PROXY: 0 SUCCESSFULLY_RETRIED_TEST_EXIT_CODE: 137 + EVENT_PROF: "sql.active_record" needs: - job: "setup-test-env" - job: "retrieve-tests-metadata" @@ -79,18 +80,33 @@ include: # spec/lib, yet background migration tests are also sitting there, # and they should run on their own jobs so we don't need to run them # in unit tests again. - - rspec_paralellized_job "--fail-fast=${RSPEC_FAIL_FAST_THRESHOLD} --tag ~quarantine --tag ~level:background_migration --tag ~click_house --tag ~real_ai_request" + - rspec_parallelized_job "--fail-fast=${RSPEC_FAIL_FAST_THRESHOLD} --tag ~quarantine --tag ~level:background_migration --tag ~click_house --tag ~real_ai_request" after_script: - echo -e "\e[0Ksection_start:`date +%s`:report_results_section[collapsed=true]\r\e[0KReport results" + - bundle exec gem list gitlab_quality-test_tooling - | if [ "$CREATE_RAILS_TEST_FAILURE_ISSUES" == "true" ]; then - bundle exec relate-failure-issue --input-files "rspec/rspec-*.json" --system-log-files "log" --project "gitlab-org/gitlab" --token "${TEST_FAILURES_PROJECT_TOKEN}" --related-issues-file "rspec/${CI_JOB_ID}-failed-test-issues.json"; + bundle exec relate-failure-issue \ + --token "${TEST_FAILURES_PROJECT_TOKEN}" \ + --project "gitlab-org/gitlab" \ + --input-files "rspec/rspec-*.json" \ + --exclude-labels-for-search "QA,rspec:slow test" \ + --system-log-files "log" \ + --related-issues-file "rspec/${CI_JOB_ID}-failed-test-issues.json"; fi if [ "$CREATE_RAILS_SLOW_TEST_ISSUES" == "true" ]; then - bundle exec slow-test-issues --input-files "rspec/rspec-*.json" --project "gitlab-org/gitlab" --token "${TEST_FAILURES_PROJECT_TOKEN}" --related-issues-file "rspec/${CI_JOB_ID}-slow-test-issues.json"; + bundle exec slow-test-issues \ + --token "${TEST_FAILURES_PROJECT_TOKEN}" \ + --project "gitlab-org/gitlab" \ + --input-files "rspec/rspec-*.json" \ + --related-issues-file "rspec/${CI_JOB_ID}-slow-test-issues.json"; fi if [ "$ADD_SLOW_TEST_NOTE_TO_MERGE_REQUEST" == "true" ]; then - bundle exec slow-test-merge-request-report-note --input-files "rspec/rspec-*.json" --project "gitlab-org/gitlab" --merge_request_iid "$CI_MERGE_REQUEST_IID" --token "${TEST_SLOW_NOTE_PROJECT_TOKEN}"; + bundle exec slow-test-merge-request-report-note \ + --token "${TEST_SLOW_NOTE_PROJECT_TOKEN}" \ + --project "gitlab-org/gitlab" \ + --input-files "rspec/rspec-*.json" \ + --merge_request_iid "$CI_MERGE_REQUEST_IID"; fi - echo -e "\e[0Ksection_end:`date +%s`:report_results_section\r\e[0K" - tooling/bin/push_job_metrics || true @@ -117,7 +133,7 @@ include: .rspec-base-migration: script: - !reference [.base-script, script] - - rspec_paralellized_job "--fail-fast=${RSPEC_FAIL_FAST_THRESHOLD} --tag ~quarantine --tag ~zoekt --tag ~click_house" + - rspec_parallelized_job "--fail-fast=${RSPEC_FAIL_FAST_THRESHOLD} --tag ~quarantine --tag ~zoekt --tag ~click_house" after_script: - !reference [.rspec-base, after_script] @@ -139,7 +155,7 @@ include: - cp config/click_house.yml.example config/click_house.yml - 'sed -i "s|url:.*$|url: http://clickhouse:8123|g" config/click_house.yml' - !reference [.base-script, script] - - rspec_paralellized_job "--fail-fast=${RSPEC_FAIL_FAST_THRESHOLD} --tag click_house" + - rspec_parallelized_job "--fail-fast=${RSPEC_FAIL_FAST_THRESHOLD} --tag click_house" .rspec-base-pg14-as-if-foss: extends: diff --git a/.gitlab/ci/release-environments.gitlab-ci.yml b/.gitlab/ci/release-environments.gitlab-ci.yml index 24eca1caf4c..2e0164caf36 100644 --- a/.gitlab/ci/release-environments.gitlab-ci.yml +++ b/.gitlab/ci/release-environments.gitlab-ci.yml @@ -20,4 +20,7 @@ start-release-environments-pipeline: PARENT_PIPELINE_ID: $CI_PIPELINE_ID trigger: strategy: depend - include: .gitlab/ci/release-environments/main.gitlab-ci.yml + include: + - project: 'gitlab-org/gitlab' + ref: 'master' + file: '.gitlab/ci/release-environments/main.gitlab-ci.yml' diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml index 0290d0158b6..2e963b7857a 100644 --- a/.gitlab/ci/reports.gitlab-ci.yml +++ b/.gitlab/ci/reports.gitlab-ci.yml @@ -80,7 +80,7 @@ gemnasium-python-dependency_scanning: extends: .default-retry stage: test image: - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/security-products/package-hunter-cli:v2.1.0@sha256:1f1d31fdc81f6cf0ee305ff0291bfb56f22c5764fe042948ff1676f2f8c60352 + name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/security-products/package-hunter-cli:v3.0.0@sha256:e281525b3be870d6618b6bad2685733dcb9908e4eb21f0e5b4fe4bb6f6083f91 entrypoint: [""] variables: HTR_user: '$PACKAGE_HUNTER_USER' diff --git a/.gitlab/ci/review-apps/main.gitlab-ci.yml b/.gitlab/ci/review-apps/main.gitlab-ci.yml index dfcd65238ec..a4d8d8672bb 100644 --- a/.gitlab/ci/review-apps/main.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml @@ -67,7 +67,7 @@ review-build-cng: GITLAB_IMAGE_REPOSITORY: "registry.gitlab.com/gitlab-org/build/cng-mirror" GITLAB_IMAGE_SUFFIX: "ee" GITLAB_REVIEW_APP_BASE_CONFIG_FILE: "scripts/review_apps/base-config.yaml" - GITLAB_HELM_CHART_REF: "db886740f66e8dfacd7b9f0f79f640c8c2e0318a" # 7.5.1: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/db886740f66e8dfacd7b9f0f79f640c8c2e0318a + GITLAB_HELM_CHART_REF: "eace227d3465e17e37b1a2e3764dd244c8e2d716" # 7.6.1: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/eace227d3465e17e37b1a2e3764dd244c8e2d716 environment: name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN} @@ -150,7 +150,7 @@ review-deploy-sample-projects: .review-stop-base: extends: .review-workflow-base - timeout: 15min + timeout: 30min environment: action: stop variables: diff --git a/.gitlab/ci/review-apps/qa.gitlab-ci.yml b/.gitlab/ci/review-apps/qa.gitlab-ci.yml index 264763c882f..6030db7264d 100644 --- a/.gitlab/ci/review-apps/qa.gitlab-ci.yml +++ b/.gitlab/ci/review-apps/qa.gitlab-ci.yml @@ -30,6 +30,8 @@ include: needs: - review-deploy - download-knapsack-report + - pipeline: $PARENT_PIPELINE_ID + job: retrieve-tests-metadata variables: GIT_LFS_SKIP_SMUDGE: 1 WD_INSTALL_DIR: /usr/local/bin diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index 7b160a0efb5..165c2159bdf 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -45,10 +45,10 @@ if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $CI_MERGE_REQUEST_LABELS =~ /pipeline:mr-approved/' .if-merge-request-approved-and-specific-devops-stage: &if-merge-request-approved-and-specific-devops-stage - if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && ($CI_MERGE_REQUEST_LABELS =~ /pipeline:mr-approved/ && $CI_MERGE_REQUEST_LABELS =~ /devops::(create|govern|manage)/)' + if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && ($CI_MERGE_REQUEST_LABELS =~ /pipeline:mr-approved/ && $CI_MERGE_REQUEST_LABELS =~ /devops::(create|govern|manage|plan|verify|package)/)' .if-merge-request-and-specific-devops-stage: &if-merge-request-and-specific-devops-stage - if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $CI_MERGE_REQUEST_LABELS =~ /devops::(create|govern|manage)/' + if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $CI_MERGE_REQUEST_LABELS =~ /devops::(create|govern|manage|plan|verify|package)/' .if-merge-request-not-approved: &if-merge-request-not-approved if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $CI_MERGE_REQUEST_LABELS !~ /pipeline:mr-approved/' @@ -372,6 +372,7 @@ .ai-patterns: &ai-patterns - "{,ee/,jh/}lib/gitlab/llm/**/*" - "{,ee/,jh/}{,spec/}lib/gitlab/llm/**/*" + - "{,ee/,jh/}lib/gitlab/duo/**/*" # DB patterns + .ci-patterns .db-patterns: &db-patterns @@ -418,6 +419,12 @@ - ".dockerignore" - "{,jh/}qa/**/*" +# Frontend view patterns + .qa-patterns +.frontend-qa-patterns: &frontend-qa-patterns + - "{,ee/,jh/}{app/assets,app/components,app/helpers,app/presenters,app/views}/**/*" + # QA changes + - "{,jh/}qa/**/*" + # Code patterns + .ci-patterns .code-patterns: &code-patterns - "{package.json,yarn.lock}" @@ -905,6 +912,7 @@ variables: ARCH: amd64,arm64 - <<: *if-ruby3_1-branch + - !reference [".releases:rules:canonical-dot-com-gitlab-stable-branch-only-setup-test-env-patterns", rules] .build-images:rules:build-qa-image-as-if-foss: rules: @@ -1390,6 +1398,26 @@ changes: *frontend-build-patterns allow_failure: true +.frontend:rules:jest-snapshot: + rules: + - <<: *if-merge-request-labels-pipeline-expedite + when: never + - <<: *if-fork-merge-request + when: never + - <<: *if-merge-request-labels-run-all-jest + when: manual + allow_failure: true + - <<: *if-merge-request-labels-frontend-and-feature-flag + when: manual + allow_failure: true + - <<: *if-merge-request + changes: *frontend-dependency-patterns + when: manual + allow_failure: true + - <<: *if-merge-request + changes: [".gitlab/ci/rules.gitlab-ci.yml", ".gitlab/ci/frontend.gitlab-ci.yml"] + allow_failure: true + ################ # Memory rules # ################ @@ -1423,6 +1451,16 @@ ############ # QA rules # ############ +.qa:rules:update-gem-cache: + rules: + - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\//' + changes: + - qa/Gemfile.lock + - <<: *if-schedule-maintenance + - <<: *if-security-schedule + - <<: *if-foss-schedule + - <<: *if-merge-request-labels-update-caches + .qa:rules:code-merge-request-manual: rules: - <<: *if-merge-request @@ -1430,6 +1468,11 @@ when: manual allow_failure: true +.qa:rules:code-merge-request: + rules: + - <<: *if-merge-request + changes: *code-patterns + .qa:rules:internal: rules: - <<: *if-default-refs @@ -1440,11 +1483,11 @@ - <<: *if-default-refs changes: *code-qa-patterns -.qa:rules:as-if-foss: +.qa:rules:selectors-as-if-foss: rules: - !reference [".strict-ee-only-rules", rules] - - <<: *if-security-merge-request - changes: *code-qa-patterns + - <<: *if-merge-request + changes: *frontend-qa-patterns - <<: *if-merge-request-labels-as-if-foss - <<: *if-merge-request-labels-run-all-rspec @@ -1573,11 +1616,6 @@ changes: *ci-qa-patterns allow_failure: true - <<: *if-merge-request - changes: - - qa/Gemfile.lock # qa/Gemfile.lock is a part of *qa-patterns, so this rule must be placed before the one with *qa-patterns changes - variables: - UPDATE_QA_CACHE: "true" - - <<: *if-merge-request changes: *qa-patterns allow_failure: true - <<: *if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified @@ -1616,11 +1654,6 @@ when: manual - <<: *if-merge-request changes: *nodejs-patterns - - <<: *if-merge-request - changes: - - qa/Gemfile.lock # qa/Gemfile.lock is a part of *qa-patterns, so this rule must be placed before the one with *qa-patterns changes - variables: - UPDATE_QA_CACHE: "true" - <<: *if-dot-com-gitlab-org-and-security-merge-request-and-qa-tests-specified changes: *code-patterns - <<: *if-merge-request @@ -1637,7 +1670,6 @@ CREATE_TEST_FAILURE_ISSUES: "true" PROCESS_TEST_RESULTS: "true" KNAPSACK_GENERATE_REPORT: "true" - UPDATE_QA_CACHE: "true" QA_SAVE_TEST_METRICS: "true" QA_EXPORT_TEST_METRICS: "false" # on main runs, metrics are exported to separate bucket via rake task for better consistency @@ -2125,8 +2157,28 @@ when: never - if: '$VERTEX_AI_CREDENTIALS == null' when: never + - <<: *if-fork-merge-request + when: never + +.rails:rules:ee-gitlab-duo-chat-optional: + rules: + - !reference [".rails:rules:ee-gitlab-duo-chat-base", rules] + - <<: *if-merge-request + changes: *backend-patterns + when: manual + allow_failure: true + +.rails:rules:ee-gitlab-duo-chat-always: + rules: + - !reference [".rails:rules:ee-gitlab-duo-chat-base", rules] - <<: *if-merge-request changes: *ai-patterns + +.rails:rules:ee-gitlab-duo-chat-qa-full: + rules: + - !reference [".rails:rules:ee-gitlab-duo-chat-optional", rules] + - <<: *if-default-branch-refs + changes: *setup-test-env-patterns when: manual allow_failure: true @@ -2335,6 +2387,7 @@ .rails:rules:clickhouse-changes: rules: + - <<: *if-dot-com-ee-schedule-default-branch-maintenance - <<: *if-merge-request changes: *backend-patterns @@ -2588,9 +2641,9 @@ when: never - <<: *if-merge-request-labels-pipeline-expedite when: never + - <<: *if-merge-request-labels-run-review-app - if: '$CI_REVIEW_APPS_ENABLED != "true"' when: never - - <<: *if-merge-request-labels-run-review-app - <<: *if-merge-request-not-approved when: never - <<: *if-dot-com-gitlab-org-merge-request @@ -2801,6 +2854,8 @@ changes: *code-backstage-patterns - <<: *if-default-refs changes: *workhorse-patterns + - <<: *if-default-branch-refs + changes: *setup-test-env-patterns - <<: *if-merge-request-labels-run-all-rspec - <<: *if-merge-request-labels-frontend-and-feature-flag - <<: *if-merge-request diff --git a/.gitlab/ci/setup.gitlab-ci.yml b/.gitlab/ci/setup.gitlab-ci.yml index cc5e9bd2985..a101901d57b 100644 --- a/.gitlab/ci/setup.gitlab-ci.yml +++ b/.gitlab/ci/setup.gitlab-ci.yml @@ -197,8 +197,7 @@ trigger-omnibus-env: echo "NEXT_RUBY_VERSION=${NEXT_RUBY_VERSION}" >> $BUILD_ENV echo "GITLAB_ASSETS_TAG=$(assets_image_tag)" >> $BUILD_ENV echo "EE=$([[ $FOSS_ONLY == '1' ]] && echo 'false' || echo 'true')" >> $BUILD_ENV - target_branch_name="${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:-${CI_COMMIT_REF_NAME}}" - echo "TRIGGER_BRANCH=$([[ "${target_branch_name}" =~ ^[0-9-]+-stable(-ee)?$ ]] && echo ${target_branch_name%-ee} || echo 'master')" >> $BUILD_ENV + define_trigger_branch_in_build_env - | echo "Built environment file for omnibus build:" cat $BUILD_ENV diff --git a/.gitlab/ci/templates/gem.gitlab-ci.yml b/.gitlab/ci/templates/gem.gitlab-ci.yml index 449150bde6c..3faf56daace 100644 --- a/.gitlab/ci/templates/gem.gitlab-ci.yml +++ b/.gitlab/ci/templates/gem.gitlab-ci.yml @@ -21,6 +21,7 @@ spec: # Ensure dependency updates don't fail child pipelines: https://gitlab.com/gitlab-org/gitlab/-/issues/417428 - "Gemfile.lock" - "gems/gem.gitlab-ci.yml" + - "gems/gem-pg.gitlab-ci.yml" # Ensure new cop in the monolith don't break internal gems Rubocop checks: https://gitlab.com/gitlab-org/gitlab/-/issues/419915 - ".rubocop.yml" - "rubocop/**/*" diff --git a/.gitlab/ci/test-metadata.gitlab-ci.yml b/.gitlab/ci/test-metadata.gitlab-ci.yml index 85d3ea11ac6..5ecacce339c 100644 --- a/.gitlab/ci/test-metadata.gitlab-ci.yml +++ b/.gitlab/ci/test-metadata.gitlab-ci.yml @@ -36,11 +36,13 @@ update-tests-metadata: - rspec migration pg14 - rspec-all frontend_fixture - rspec unit pg14 + - rspec unit clickhouse - rspec integration pg14 - rspec system pg14 - rspec background_migration pg14 - rspec-ee migration pg14 - rspec-ee unit pg14 + - rspec-ee unit clickhouse - rspec-ee integration pg14 - rspec-ee system pg14 - rspec-ee background_migration pg14 diff --git a/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml b/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml index 2ce71062b25..b237a8f8d43 100644 --- a/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml +++ b/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml @@ -12,12 +12,6 @@ include: .qa-run-all-tests: &qa-run-all-tests if: $QA_FRAMEWORK_CHANGES == "true" || $QA_RUN_ALL_TESTS == "true" || $QA_RUN_ALL_E2E_LABEL == "true" || $QA_FEATURE_FLAGS =~ /deleted/ -variables: - COLORIZED_LOGS: "true" - GIT_DEPTH: "20" - GIT_STRATEGY: "clone" # 'GIT_STRATEGY: clone' optimizes the pack-objects cache hit ratio - GIT_SUBMODULE_STRATEGY: "none" - .rules:gdk:qa-selective: rules: - <<: *code-pattern-changes @@ -27,9 +21,14 @@ variables: .rules:gdk:qa-parallel: rules: - - *code-pattern-changes + - <<: *code-pattern-changes + variables: + QA_TESTS: "" + # To account for cases where a group label is set which may trigger selective execution + # But we want to execute full reliable suite on gdk in case of code-pattern-changes - !reference [.rules:test:qa-parallel, rules] - if: $QA_SUITES =~ /Test::Instance::Blocking/ + - !reference [.rules:test:manual, rules] .rules:gdk:qa-smoke: rules: @@ -40,6 +39,7 @@ variables: variables: QA_TESTS: "" - if: $QA_SUITES =~ /Test::Instance::Smoke/ + - !reference [.rules:test:manual, rules] .gdk-qa-base: image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}:bundler-2.3-git-2.36-lfs-2.9-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-gcloud-383-kubectl-1.23 @@ -107,22 +107,6 @@ variables: expire_in: 7 days when: always -download-knapsack-report: - extends: - - .download-knapsack-report - - .rules:download-knapsack - -cache-gems: - extends: - - .ruby-image - - .qa-cache-push - - .rules:update-cache - stage: .pre - tags: - - e2e - script: - - cd qa && bundle install - # Take the existing GDK docker image and reconfigure it with Postgres load # balancing. Adding 5s lag to 1 of the replicas to validate robustness of # the load balancer. @@ -137,11 +121,31 @@ cache-gems: gdk reconfigure &&\ gdk restart" +# ========================================== +# Pre stage +# ========================================== +# override .download-knapsack-report job to not depend on qa-image build +download-knapsack-report: + extends: + - .download-knapsack-report + - .ruby-image + - .bundler-variables + - .qa-cache + - .rules:download-knapsack + variables: + GIT_STRATEGY: clone + before_script: + - cd qa && bundle install + after_script: [] + download-fast-quarantine-report: extends: - .download-fast-quarantine-report - .rules:download-fast-quarantine-report +# ========================================== +# Test stage +# ========================================== gdk-qa-smoke: extends: - .gdk-qa-base @@ -215,13 +219,15 @@ gdk-qa-non-blocking: QA_RUN_TYPE: gdk-qa-non-blocking rules: - when: manual - allow_failure: true + allow_failure: true # ========================================== # Post test stage # ========================================== e2e-test-report: extends: .rules:report:allure-report + variables: + ALLURE_REPORT_RESULTS_GLOB: "qa/tmp/allure-results" upload-knapsack-report: extends: diff --git a/.gitlab/ci/vendored-gems.gitlab-ci.yml b/.gitlab/ci/vendored-gems.gitlab-ci.yml index 915cca2dd29..b7dc35481c6 100644 --- a/.gitlab/ci/vendored-gems.gitlab-ci.yml +++ b/.gitlab/ci/vendored-gems.gitlab-ci.yml @@ -43,3 +43,7 @@ include: inputs: gem_name: "sidekiq-reliable-fetch" gem_path_prefix: "vendor/gems/" + - local: .gitlab/ci/templates/gem.gitlab-ci.yml + inputs: + gem_name: "diff_match_patch" + gem_path_prefix: "vendor/gems/" diff --git a/.gitlab/ci/workhorse.gitlab-ci.yml b/.gitlab/ci/workhorse.gitlab-ci.yml index 29c7edebc4f..9aa0b349c16 100644 --- a/.gitlab/ci/workhorse.gitlab-ci.yml +++ b/.gitlab/ci/workhorse.gitlab-ci.yml @@ -33,7 +33,7 @@ workhorse:test go: extends: .workhorse:test parallel: matrix: - - GO_VERSION: ["1.19", "1.20", "1.21"] + - GO_VERSION: ["1.20", "1.21"] REDIS_VERSION: ["7.0", "6.2"] script: - make -C workhorse test-coverage @@ -47,7 +47,7 @@ workhorse:test fips: extends: .workhorse:test parallel: matrix: - - GO_VERSION: ["1.19", "1.20", "1.21"] + - GO_VERSION: ["1.20", "1.21"] REDIS_VERSION: ["7.0", "6.2"] image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/ubi-${UBI_VERSION}-ruby-${RUBY_VERSION}-golang-${GO_VERSION}-rust-${RUST_VERSION}:rubygems-${RUBYGEMS_VERSION}-git-2.36-exiftool-12.60 variables: diff --git a/.gitlab/issue_templates/Feature Flag Cleanup.md b/.gitlab/issue_templates/Feature Flag Cleanup.md index 466c5c878c7..7c2efe71ac2 100644 --- a/.gitlab/issue_templates/Feature Flag Cleanup.md +++ b/.gitlab/issue_templates/Feature Flag Cleanup.md @@ -42,7 +42,7 @@ Are there any other stages or teams involved that need to be kept in the loop? the feature can be officially announced in a release blog post. - [ ] `/chatops run auto_deploy status <merge-commit-of-cleanup-mr>` - [ ] Close [the feature issue](ISSUE LINK) to indicate the feature will be released in the current milestone. -- [ ] If not already done, clean up the feature flag from all environments by running these chatops command in `#production` channel: `/chatops run feature delete <feature-flag-name> --dev --ops --pre --staging --staging-ref --production` +- [ ] If not already done, clean up the feature flag from all environments by running these chatops command in `#production` channel: `/chatops run feature delete <feature-flag-name> --dev --pre --staging --staging-ref --production` - [ ] Close this rollout issue. diff --git a/.gitlab/issue_templates/Feature Flag Roll Out.md b/.gitlab/issue_templates/Feature Flag Roll Out.md index 3bd39a73904..19796eda71a 100644 --- a/.gitlab/issue_templates/Feature Flag Roll Out.md +++ b/.gitlab/issue_templates/Feature Flag Roll Out.md @@ -32,16 +32,16 @@ Note: Please make sure to run the chatops commands in the Slack channel that get - Verify the MR with the feature flag is merged to `master` and have been deployed to non-production environments with `/chatops run auto_deploy status <merge-commit-of-your-feature>` <!-- Delete Incremental roll out if it is not relevant to this deploy --> -- [ ] Deploy the feature flag at a percentage (recommended percentage: 50%) with `/chatops run feature set <feature-flag-name> <rollout-percentage> --actors --dev --staging --staging-ref` +- [ ] Deploy the feature flag at a percentage (recommended percentage: 50%) with `/chatops run feature set <feature-flag-name> <rollout-percentage> --actors --dev --pre --staging --staging-ref` - [ ] Monitor that the error rates did not increase (repeat with a different percentage as necessary). <!-- End of block for deletes --> -- [ ] Enable the feature globally on non-production environments with `/chatops run feature set <feature-flag-name> true --dev --staging --staging-ref` +- [ ] Enable the feature globally on non-production environments with `/chatops run feature set <feature-flag-name> true --dev --pre --staging --staging-ref` - [ ] Verify that the feature works as expected. The best environment to validate the feature in is [`staging-canary`](https://about.gitlab.com/handbook/engineering/infrastructure/environments/#staging-canary) as this is the first environment deployed to. Make sure you are [configured to use canary](https://next.gitlab.com/). - [ ] If the feature flag causes end-to-end tests to fail, disable the feature flag on staging to avoid blocking [deployments](https://about.gitlab.com/handbook/engineering/deployments-and-releases/deployments/). -For assistance with end-to-end test failures, please reach out via the [`#quality` Slack channel](https://gitlab.slack.com/archives/C3JJET4Q6). Note that end-to-end test failures on `staging-ref` [don't block deployments](https://about.gitlab.com/handbook/engineering/infrastructure/environments/staging-ref/#how-to-use-staging-ref). +For assistance with end-to-end test failures, please reach out via the [`#test-platform` Slack channel](https://gitlab.slack.com/archives/C3JJET4Q6). Note that end-to-end test failures on `staging-ref` [don't block deployments](https://about.gitlab.com/handbook/engineering/infrastructure/environments/staging-ref/#how-to-use-staging-ref). ### Specific rollout on production @@ -103,7 +103,7 @@ To do so, follow these steps: - [ ] Ensure that the default-enabling MR has been included in the release package. If the merge request was deployed before [the monthly release was tagged](https://about.gitlab.com/handbook/engineering/releases/#self-managed-releases-1), the feature can be officially announced in a release blog post: `/chatops run release check <merge-request-url> <milestone>` -- [ ] Consider cleaning up the feature flag from all environments by running these chatops command in `#production` channel. Otherwise these settings may override the default enabled: `/chatops run feature delete <feature-flag-name> --dev --staging --staging-ref --production` +- [ ] Consider cleaning up the feature flag from all environments by running these chatops command in `#production` channel. Otherwise these settings may override the default enabled: `/chatops run feature delete <feature-flag-name> --dev --pre --staging --staging-ref --production` - [ ] Close [the feature issue][main-issue] to indicate the feature will be released in the current milestone. - [ ] Set the next milestone to this rollout issue for scheduling [the flag removal](#release-the-feature). - [ ] (Optional) You can [create a separate issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Feature%20Flag%20Cleanup) for scheduling the steps below to [Release the feature](#release-the-feature). @@ -132,7 +132,7 @@ You can either [create a follow-up issue for Feature Flag Cleanup](https://gitla If the merge request was deployed before [the monthly release was tagged](https://about.gitlab.com/handbook/engineering/releases/#self-managed-releases-1), the feature can be officially announced in a release blog post: `/chatops run release check <merge-request-url> <milestone>` - [ ] Close [the feature issue][main-issue] to indicate the feature will be released in the current milestone. -- [ ] Clean up the feature flag from all environments by running these chatops command in `#production` channel: `/chatops run feature delete <feature-flag-name> --dev --ops --pre --staging --staging-ref --production` +- [ ] Clean up the feature flag from all environments by running these chatops command in `#production` channel: `/chatops run feature delete <feature-flag-name> --dev --pre --staging --staging-ref --production` - [ ] Close this rollout issue. ## Rollback Steps diff --git a/.gitlab/issue_templates/Pipeline Authoring Issue Implementation.md b/.gitlab/issue_templates/Pipeline Authoring Issue Implementation.md index 7fac499fd18..08049daab22 100644 --- a/.gitlab/issue_templates/Pipeline Authoring Issue Implementation.md +++ b/.gitlab/issue_templates/Pipeline Authoring Issue Implementation.md @@ -12,6 +12,8 @@ ## Proposal +## Confirm purpose and User Reception (how does this benefit the user?) + ## Additional details <!-- _NOTE: If the issue has addressed all of these questions, this separate section can be removed._ diff --git a/.gitlab/issue_templates/SHA256_Bug.md b/.gitlab/issue_templates/SHA256_Bug.md new file mode 100644 index 00000000000..18638c23b81 --- /dev/null +++ b/.gitlab/issue_templates/SHA256_Bug.md @@ -0,0 +1,23 @@ +<!-- Title suggestion: [Sha 256] <issue description> --> + +This issue describes an anomaly with the GitLab application with projects that +use SHA256 as the hashing algorithm in the repository. + +## Where in the application are you seeing this issue? + +### URL of the page + +<!-- Provide the URL of the page in question --> + +### How did you expect the application to behave? + +<!-- Provide a description of how you expected the application to behave, look, +etc --> + +### How did the application behave? + + +<!-- Provide a description of how the application actually behaved --> + +/epic https://gitlab.com/groups/gitlab-org/-/epics/10981 +/label ~"group::gitaly" ~"group::gitaly::git" ~"type::bug" diff --git a/.gitlab/issue_templates/Security developer workflow.md b/.gitlab/issue_templates/Security developer workflow.md index d7ed4bf30e4..22b87786fb3 100644 --- a/.gitlab/issue_templates/Security developer workflow.md +++ b/.gitlab/issue_templates/Security developer workflow.md @@ -28,19 +28,19 @@ After your merge request has been approved according to our [approval guidelines ## Backports -- [ ] Once the MR is ready to be merged, create MRs targeting the latest 3 stable branches - * The 3 stable branches correspond to the versions in the title of the Security Release Tracking Issue. +- [ ] Once the MR is ready to be merged, create MRs targeting the latest 3 stable branches. + * The 3 stable branches correspond to the versions in the title of the [Security Release Tracking Issue]. * At this point, it might be easy to squash the commits from the MR into one * You can use the script `bin/secpick` instead of the following steps, to help you cherry-picking. See the [secpick documentation] - [ ] Create each MR targeting the stable branch `X-Y-stable`, using the [Security Release merge request template]. * Every merge request will have its own set of to-dos, so make sure to complete those. - [ ] On the "Related merge requests" section, ensure that `4` merge requests are associated: The one targeting `master` and the `3` backports. -- [ ] If this issue requires less than `4` merge requests, post a message on the Security Release Tracking Issue and ping the Release Managers. +- [ ] If this issue requires less than `4` merge requests, add the ~"reduced backports" label. ## Assigning to a release -- [ ] **IMPORTANT**: When this issue is ready for release (Default branch MR and backports are approved and ready to be merged), apply the ~"security-target" label. - * The `gitlab-release-tools-bot` evaluates and links issues with the label to the next planned security release tracking issue. If the bot finds the issue is not ready to be included in the security release, it will leave a comment on the issue explaining what needs to be done. +- [ ] **IMPORTANT**: When this issue is ready for release (Default branch MR and backports are approved and ready to be merged), apply the ~"security-target" label. + * The `gitlab-release-tools-bot` evaluates and links issues with the label to the next planned security release tracking issue. If the bot finds the issue is not ready to be included in the security release, it will leave a comment on the issue explaining what needs to be done. * This issue will only be included in a security release if it is successfully linked to the security release tracking issue. ## Documentation and final details @@ -82,5 +82,6 @@ After your merge request has been approved according to our [approval guidelines [issue as linked]: https://docs.gitlab.com/ee/user/project/issues/related_issues.html#add-a-linked-issue [issue really needs to follow the security release workflow]: https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/developer.md#making-sure-the-issue-needs-to-follow-the-security-release-workflow [breaking changes workflow]: https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/far_reaching_impact_fixes_or_breaking_change_fixes.md +[Security Release Tracking Issue]: https://gitlab.com/gitlab-org/gitlab/-/issues/?label_name%5B%5D=upcoming%20security%20release /label ~security ~"security-notifications" diff --git a/.gitlab/merge_request_templates/Default.md b/.gitlab/merge_request_templates/Default.md index 3cb3f6473e6..a396d375ba1 100644 --- a/.gitlab/merge_request_templates/Default.md +++ b/.gitlab/merge_request_templates/Default.md @@ -10,6 +10,11 @@ especially important if they didn't participate in the discussion. %{first_multiline_commit} +## MR acceptance checklist + +**Please evaluate this MR against the [MR acceptance checklist](https://docs.gitlab.com/ee/development/code_review.html#acceptance-checklist).** +It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability. + ## Screenshots or screen recordings _Screenshots are required for UI changes, and strongly recommended for all other merge requests._ @@ -39,12 +44,6 @@ Example below: 1. Click the `invite members` button. --> -## MR acceptance checklist - -This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability. - -* [ ] I have evaluated the [MR acceptance checklist](https://docs.gitlab.com/ee/development/code_review.html#acceptance-checklist) for this MR. - <!-- template sourced from https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/merge_request_templates/Default.md --> /assign me diff --git a/.gitlab/merge_request_templates/Deprecations.md b/.gitlab/merge_request_templates/Deprecations.md index c1321dd9f96..fb998dae6c1 100644 --- a/.gitlab/merge_request_templates/Deprecations.md +++ b/.gitlab/merge_request_templates/Deprecations.md @@ -11,7 +11,7 @@ If there is no relevant deprecation issue, hit pause and: Deprecation announcements can and should be created and merged into Docs at any time, to optimize user awareness and planning. We encourage confirmed deprecations to be merged as soon as the required reviews are complete, even if weeks ahead of the target milestone's release post. For the announcement to be included in a specific release post and that release's documentation packages, this MR must be reviewed/merged per the due dates below: -**By the 10th**: Assign this MR to these team members as Reviewer and for Approval (optional unless noted as required): +**10 days (Monday) before the Release Date**: Assign this MR to these team members as Reviewer and for Approval (optional unless noted as required): - Product Marketing: `@PMM` - Product Designer(s): `@ProductDesigners` @@ -19,9 +19,9 @@ Deprecation announcements can and should be created and merged into Docs at any - Engineering Manager: `@EM` - Required - Technical writer: `@TW` - Required -**By 11:59 AM PDT 15th**: EM/PM assigns this MR to the TW reviewer for final review and merge: `@EM/PM` +**By 11:59 AM PDT 8 days (Wednesday) before the Release Date**: EM/PM assigns this MR to the TW reviewer for final review and merge: `@EM/PM` -**By 11:59 PM PDT 17th**: TW Reviewer updates Docs by merging this MR to `master`: `@TW` +**By 11:59 PM PDT 6 days (Friday) before the Release Date**: TW Reviewer updates Docs by merging this MR to `master`: `@TW` --- @@ -54,7 +54,7 @@ feature for all reviews. Reviewers will then approve the MR and remove themselve - [ ] (Recommended) PMM - [ ] (Optional) Product Designer - [ ] (Optional) Group Manager or Director -- [ ] Required review and approval: [Technical Writer designated to the corresponding DevOps stage/group](https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments). +- [ ] Required review and approval: [Technical Writer designated to the corresponding DevOps stage/group](https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments). ### Tech writer review diff --git a/.gitlab/merge_request_templates/Documentation.md b/.gitlab/merge_request_templates/Documentation.md index bc736200046..6617184cad7 100644 --- a/.gitlab/merge_request_templates/Documentation.md +++ b/.gitlab/merge_request_templates/Documentation.md @@ -16,7 +16,7 @@ - [ ] If you're adding or changing the main heading of the page (H1), ensure that the [product tier badge](https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#product-tier-badges) is added. - [ ] If you are a GitLab team member, [request a review](https://docs.gitlab.com/ee/development/code_review.html#dogfooding-the-reviewers-feature) based on: - The documentation page's [metadata](https://docs.gitlab.com/ee/development/documentation/#metadata). - - The [associated Technical Writer](https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments). + - The [associated Technical Writer](https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments). If you are a GitLab team member and only adding documentation, do not add any of the following labels: diff --git a/.gitlab/merge_request_templates/New Version of gitlab-styles.md b/.gitlab/merge_request_templates/New Version of gitlab-styles.md index 5e7f2319650..fa0eecc0e9d 100644 --- a/.gitlab/merge_request_templates/New Version of gitlab-styles.md +++ b/.gitlab/merge_request_templates/New Version of gitlab-styles.md @@ -37,8 +37,12 @@ This MR can be reused to upgrade `gitlab-styles` in this project after a new ver ## MR acceptance checklist -This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability. +**Please evaluate this MR against the [MR acceptance checklist](https://docs.gitlab.com/ee/development/code_review.html#acceptance-checklist).** +It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability. -* [ ] I have evaluated the [MR acceptance checklist](https://docs.gitlab.com/ee/development/code_review.html#acceptance-checklist) for this MR. +## After merge + +- [ ] Notify team members of the upgrade by creating an announcement in relevant Slack channels (`#backend` and `#development`) +and Engineering Week In Review (EWIR). /label ~"type::maintenance" ~"maintenance::dependency" ~backend ~"Engineering Productivity" ~"static code analysis" diff --git a/.gitlab/merge_request_templates/Quarantine End to End Test.md b/.gitlab/merge_request_templates/Quarantine End to End Test.md index 731b51b169b..c2f8143f13b 100644 --- a/.gitlab/merge_request_templates/Quarantine End to End Test.md +++ b/.gitlab/merge_request_templates/Quarantine End to End Test.md @@ -19,12 +19,12 @@ the noise (due to constantly failing tests, flaky tests, and so on) so that new - [ ] [Code review guidelines](https://docs.gitlab.com/ee/development/code_review.html) - [ ] [Style guides](https://docs.gitlab.com/ee/development/contributing/style_guides.html) - [ ] Quarantine test check-list - - [ ] Follow the [Quarantining Tests guide](https://about.gitlab.com/handbook/engineering/quality/quality-engineering/debugging-qa-test-failures/#quarantining-tests). - - [ ] Confirm the test has a [`quarantine:` tag with the specified quarantine type](https://about.gitlab.com/handbook/engineering/quality/quality-engineering/debugging-qa-test-failures/#quarantined-test-types). + - [ ] Follow the [Quarantining Tests guide](https://about.gitlab.com/handbook/engineering/infrastructure/test-platform/debugging-qa-test-failures/#quarantining-tests). + - [ ] Confirm the test has a [`quarantine:` tag with the specified quarantine type](https://about.gitlab.com/handbook/engineering/infrastructure/test-platform/debugging-qa-test-failures/#quarantined-test-types). - [ ] Note if the test should be [quarantined for a specific environment](https://docs.gitlab.com/ee/development/testing_guide/end_to_end/execution_context_selection.html#quarantine-a-test-for-a-specific-environment). - [ ] (Optionally) In case of an emergency (e.g. blocked deployments), consider adding labels to pick into auto-deploy (~"Pick into auto-deploy" ~"priority::1" ~"severity::1"). - [ ] Dequarantine test check-list - - [ ] Follow the [Dequarantining Tests guide](https://about.gitlab.com/handbook/engineering/quality/quality-engineering/debugging-qa-test-failures/#dequarantining-tests). + - [ ] Follow the [Dequarantining Tests guide](https://about.gitlab.com/handbook/engineering/infrastructure/test-platform/debugging-qa-test-failures/#dequarantining-tests). - [ ] Confirm the test consistently passes on the target GitLab environment(s). - [ ] To ensure a faster turnaround, ask in the `#quality_maintainers` Slack channel for someone to review and merge the merge request, rather than assigning it directly. diff --git a/.gitlab/merge_request_templates/Revert To Resolve Incident.md b/.gitlab/merge_request_templates/Revert To Resolve Incident.md index c1980d70768..9f8c42ac67c 100644 --- a/.gitlab/merge_request_templates/Revert To Resolve Incident.md +++ b/.gitlab/merge_request_templates/Revert To Resolve Incident.md @@ -23,7 +23,7 @@ ### Related issues and merge requests -/label ~"pipeline:expedite" ~"master:broken" +/label ~"pipeline:expedite" ~"master:broken" ~"Pick into auto-deploy" ~"severity::1" ~"priority::1" <!-- Regression label: if applicable, specify the milestone-specific regression label diff --git a/.gitlab/merge_request_templates/Security Release.md b/.gitlab/merge_request_templates/Security Release.md index 772b73d1066..cffdffa9256 100644 --- a/.gitlab/merge_request_templates/Security Release.md +++ b/.gitlab/merge_request_templates/Security Release.md @@ -24,7 +24,6 @@ See [the general developer security release guidelines](https://gitlab.com/gitla - Please see the security release [Code reviews and Approvals] documentation for details on which AppSec team member to ping for approval. - Trigger the [`e2e:package-and-test` job]. The docker image generated will be used by the AppSec engineer to validate the security vulnerability has been remediated. - [ ] For a backport MR targeting a versioned stable branch (`X-Y-stable-ee`). - - [ ] Milestone is set to the version this backport applies to. A closed milestone can be assigned via [quick actions]. - [ ] Ensure it's approved by the same maintainer that reviewed and approved the merge request targeting the default branch. - [ ] Ensure this merge request and the related security issue have a `~severity::x` label @@ -32,7 +31,6 @@ See [the general developer security release guidelines](https://gitlab.com/gitla ## Maintainer checklist -- [ ] Correct milestone is applied and the title is matching across all backports. - [ ] Assigned (_not_ as reviewer) to `@gitlab-release-tools-bot` with passing CI pipelines. - [ ] Correct `~severity::x` label is applied to this merge request and the related security issue. diff --git a/.gitlab/merge_request_templates/Stable Branch.md b/.gitlab/merge_request_templates/Stable Branch.md index 4ad8e6fc8a2..7130067b1f2 100644 --- a/.gitlab/merge_request_templates/Stable Branch.md +++ b/.gitlab/merge_request_templates/Stable Branch.md @@ -18,6 +18,7 @@ This checklist encourages us to confirm any changes have been analyzed to reduce * [ ] This MR is backporting a bug fix, documentation update, or spec fix, previously merged in the default branch. * [ ] The MR that fixed the bug on the default branch has been deployed to GitLab.com (not applicable for documentation or spec changes). * [ ] This MR has a [severity label] assigned (if applicable). +* [ ] Set the milestone of the merge request to match the target backport branch version. * [ ] This MR has been approved by a maintainer (only one approval is required). * [ ] Ensure the `e2e:package-and-test-ee` job has either succeeded or been approved by a Software Engineer in Test. |