diff options
73 files changed, 563 insertions, 758 deletions
diff --git a/.rubocop_todo/layout/argument_alignment.yml b/.rubocop_todo/layout/argument_alignment.yml index 0bb29744fb5..c1aabf986a4 100644 --- a/.rubocop_todo/layout/argument_alignment.yml +++ b/.rubocop_todo/layout/argument_alignment.yml @@ -1518,12 +1518,6 @@ Layout/ArgumentAlignment: - 'spec/requests/api/graphql/gitlab_schema_spec.rb' - 'spec/requests/api/graphql/group/group_members_spec.rb' - 'spec/requests/api/graphql/milestone_spec.rb' - - 'spec/requests/api/graphql/mutations/admin/sidekiq_queues/delete_jobs_spec.rb' - - 'spec/requests/api/graphql/mutations/alert_management/alerts/create_alert_issue_spec.rb' - - 'spec/requests/api/graphql/mutations/boards/issues/issue_move_list_spec.rb' - - 'spec/requests/api/graphql/mutations/ci/pipeline_retry_spec.rb' - - 'spec/requests/api/graphql/mutations/clusters/agent_tokens/agent_tokens/create_spec.rb' - - 'spec/requests/api/graphql/mutations/clusters/agents/delete_spec.rb' - 'spec/requests/api/graphql/mutations/container_expiration_policy/update_spec.rb' - 'spec/requests/api/graphql/mutations/design_management/upload_spec.rb' - 'spec/requests/api/graphql/mutations/issues/link_alerts_spec.rb' @@ -1536,13 +1530,6 @@ Layout/ArgumentAlignment: - 'spec/requests/api/graphql/mutations/issues/unlink_alerts_spec.rb' - 'spec/requests/api/graphql/mutations/jira_import/import_users_spec.rb' - 'spec/requests/api/graphql/mutations/jira_import/start_spec.rb' - - 'spec/requests/api/graphql/mutations/merge_requests/reviewer_rereview_spec.rb' - - 'spec/requests/api/graphql/mutations/merge_requests/set_assignees_spec.rb' - - 'spec/requests/api/graphql/mutations/merge_requests/set_draft_spec.rb' - - 'spec/requests/api/graphql/mutations/merge_requests/set_labels_spec.rb' - - 'spec/requests/api/graphql/mutations/merge_requests/set_locked_spec.rb' - - 'spec/requests/api/graphql/mutations/merge_requests/set_milestone_spec.rb' - - 'spec/requests/api/graphql/mutations/merge_requests/set_reviewers_spec.rb' - 'spec/requests/api/graphql/mutations/metrics/dashboard/annotations/create_spec.rb' - 'spec/requests/api/graphql/packages/conan_spec.rb' - 'spec/requests/api/graphql/tasks/task_completion_status_spec.rb' diff --git a/.rubocop_todo/rspec/factory_bot/excessive_create_list.yml b/.rubocop_todo/rspec/factory_bot/excessive_create_list.yml index 386c7317f3c..0bbf59cc244 100644 --- a/.rubocop_todo/rspec/factory_bot/excessive_create_list.yml +++ b/.rubocop_todo/rspec/factory_bot/excessive_create_list.yml @@ -7,11 +7,8 @@ RSpec/FactoryBot/ExcessiveCreateList: - 'ee/spec/models/audit_events/instance_external_audit_event_destination_spec.rb' - 'ee/spec/models/license_spec.rb' - 'ee/spec/models/package_metadata/advisory_spec.rb' - - 'ee/spec/models/package_metadata/checkpoint_spec.rb' - 'ee/spec/requests/projects/merge_requests_controller_spec.rb' - 'ee/spec/services/ci/llm/generate_config_service_spec.rb' - - 'ee/spec/support/protected_tags/access_control_shared_examples.rb' - - 'ee/spec/support/shared_examples/features/protected_branches_access_control_shared_examples.rb' - 'ee/spec/views/admin/application_settings/_elasticsearch_form.html.haml_spec.rb' - 'spec/controllers/autocomplete_controller_spec.rb' - 'spec/controllers/explore/projects_controller_spec.rb' @@ -26,7 +23,6 @@ RSpec/FactoryBot/ExcessiveCreateList: - 'spec/features/projects/work_items/work_item_spec.rb' - 'spec/features/users/overview_spec.rb' - 'spec/frontend/fixtures/timelogs.rb' - - 'spec/helpers/issuables_helper_spec.rb' - 'spec/lib/gitlab/database/background_migration/batched_migration_spec.rb' - 'spec/lib/gitlab/database/consistency_checker_spec.rb' - 'spec/models/project_spec.rb' diff --git a/app/assets/javascripts/ci/pipeline_details/graph/components/linked_pipelines_column.vue b/app/assets/javascripts/ci/pipeline_details/graph/components/linked_pipelines_column.vue index c715d6af28a..395770826d8 100644 --- a/app/assets/javascripts/ci/pipeline_details/graph/components/linked_pipelines_column.vue +++ b/app/assets/javascripts/ci/pipeline_details/graph/components/linked_pipelines_column.vue @@ -209,7 +209,7 @@ export default { </script> <template> - <div class="gl-display-flex" :class="{ 'gl-w-full': isNewPipelineGraph }"> + <div class="gl-display-flex" :class="{ 'gl-w-full gl-sm-w-auto': isNewPipelineGraph }"> <div :class="columnClass" class="linked-pipelines-column"> <div data-testid="linked-column-title" :class="computedTitleClasses"> {{ columnTitle }} diff --git a/app/assets/javascripts/ci/pipeline_details/header/pipeline_details_header.vue b/app/assets/javascripts/ci/pipeline_details/header/pipeline_details_header.vue index ed5ce02c32e..651662d6395 100644 --- a/app/assets/javascripts/ci/pipeline_details/header/pipeline_details_header.vue +++ b/app/assets/javascripts/ci/pipeline_details/header/pipeline_details_header.vue @@ -58,6 +58,10 @@ export default { i18n: { scheduleBadgeText: s__('Pipelines|Scheduled'), scheduleBadgeTooltip: __('This pipeline was created by a schedule'), + triggerBadgeText: __('trigger token'), + triggerBadgeTooltip: __( + 'This pipeline was created by an API call authenticated with a trigger token', + ), childBadgeText: s__('Pipelines|Child pipeline (%{linkStart}parent%{linkEnd})'), childBadgeTooltip: __('This is a child pipeline within the parent pipeline'), latestBadgeText: s__('Pipelines|latest'), @@ -462,6 +466,15 @@ export default { {{ $options.i18n.scheduleBadgeText }} </gl-badge> <gl-badge + v-if="badges.trigger" + v-gl-tooltip + :title="$options.i18n.triggerBadgeTooltip" + variant="info" + size="sm" + > + {{ $options.i18n.triggerBadgeText }} + </gl-badge> + <gl-badge v-if="badges.child" v-gl-tooltip :title="$options.i18n.childBadgeTooltip" diff --git a/app/assets/javascripts/ci/pipeline_details/pipeline_details_header.js b/app/assets/javascripts/ci/pipeline_details/pipeline_details_header.js index 0ab5d9bcda0..4966b657887 100644 --- a/app/assets/javascripts/ci/pipeline_details/pipeline_details_header.js +++ b/app/assets/javascripts/ci/pipeline_details/pipeline_details_header.js @@ -23,6 +23,7 @@ export const createPipelineDetailsHeaderApp = (elSelector, apolloProvider, graph failureReason, triggeredByPath, schedule, + trigger, child, latest, mergeTrainPipeline, @@ -60,6 +61,7 @@ export const createPipelineDetailsHeaderApp = (elSelector, apolloProvider, graph refText, badges: { schedule: parseBoolean(schedule), + trigger: parseBoolean(trigger), child: parseBoolean(child), latest: parseBoolean(latest), mergeTrainPipeline: parseBoolean(mergeTrainPipeline), diff --git a/app/assets/javascripts/ci/pipelines_page/components/pipeline_labels.vue b/app/assets/javascripts/ci/pipelines_page/components/pipeline_labels.vue index 237f1a0306a..31d8f207a63 100644 --- a/app/assets/javascripts/ci/pipelines_page/components/pipeline_labels.vue +++ b/app/assets/javascripts/ci/pipelines_page/components/pipeline_labels.vue @@ -1,7 +1,7 @@ <script> import { GlLink, GlPopover, GlSprintf, GlTooltipDirective, GlBadge } from '@gitlab/ui'; import { helpPagePath } from '~/helpers/help_page_helper'; -import { SCHEDULE_ORIGIN, API_ORIGIN } from '../constants'; +import { SCHEDULE_ORIGIN, API_ORIGIN, TRIGGER_ORIGIN } from '../constants'; export default { components: { @@ -31,6 +31,9 @@ export default { isScheduled() { return this.pipeline.source === SCHEDULE_ORIGIN; }, + isTriggered() { + return this.pipeline.source === TRIGGER_ORIGIN; + }, isInFork() { return Boolean( this.targetProjectFullPath && @@ -70,6 +73,15 @@ export default { >{{ __('scheduled') }}</gl-badge > <gl-badge + v-if="isTriggered" + v-gl-tooltip + :title="__('This pipeline was created by an API call authenticated with a trigger token')" + variant="info" + size="sm" + data-testid="pipeline-url-triggered" + >{{ __('trigger token') }}</gl-badge + > + <gl-badge v-if="pipeline.flags.latest" v-gl-tooltip :title="__('Latest pipeline for the most recent commit on this branch')" diff --git a/app/assets/javascripts/ci/pipelines_page/constants.js b/app/assets/javascripts/ci/pipelines_page/constants.js index a576ce7f4f5..438eda44afe 100644 --- a/app/assets/javascripts/ci/pipelines_page/constants.js +++ b/app/assets/javascripts/ci/pipelines_page/constants.js @@ -2,3 +2,4 @@ export const ANY_TRIGGER_AUTHOR = 'Any'; export const FILTER_PIPELINES_SEARCH_DELAY = 200; export const SCHEDULE_ORIGIN = 'schedule'; export const API_ORIGIN = 'api'; +export const TRIGGER_ORIGIN = 'trigger'; diff --git a/app/assets/javascripts/issuable/components/locked_badge.vue b/app/assets/javascripts/issuable/components/locked_badge.vue index f97ac888417..652d02e8f9d 100644 --- a/app/assets/javascripts/issuable/components/locked_badge.vue +++ b/app/assets/javascripts/issuable/components/locked_badge.vue @@ -20,9 +20,12 @@ export default { }, computed: { title() { - return sprintf(__('This %{issuable} is locked. Only project members can comment.'), { - issuable: issuableTypeText[this.issuableType], - }); + return sprintf( + __('The discussion in this %{issuable} is locked. Only project members can comment.'), + { + issuable: issuableTypeText[this.issuableType], + }, + ); }, }, }; diff --git a/app/assets/javascripts/notes/components/discussion_locked_widget.vue b/app/assets/javascripts/notes/components/discussion_locked_widget.vue index bcf9b4cf893..a999b633f64 100644 --- a/app/assets/javascripts/notes/components/discussion_locked_widget.vue +++ b/app/assets/javascripts/notes/components/discussion_locked_widget.vue @@ -24,7 +24,9 @@ export default { }, lockedIssueWarning() { return sprintf( - __('This %{issuableDisplayName} is locked. Only project members can comment.'), + __( + 'The discussion in this %{issuableDisplayName} is locked. Only project members can comment.', + ), { issuableDisplayName: this.issuableDisplayName }, ); }, diff --git a/app/assets/javascripts/observability/constants.js b/app/assets/javascripts/observability/constants.js index 02cd34db4c1..34c43a10fc0 100644 --- a/app/assets/javascripts/observability/constants.js +++ b/app/assets/javascripts/observability/constants.js @@ -1,7 +1,7 @@ export const SORTING_OPTIONS = { - CREATED_DESC: 'created_desc', - CREATED_ASC: 'created_asc', + TIMESTAMP_DESC: 'timestamp_desc', + TIMESTAMP_ASC: 'timestamp_asc', DURATION_DESC: 'duration_desc', DURATION_ASC: 'duration_asc', }; -export const DEFAULT_SORTING_OPTION = SORTING_OPTIONS.CREATED_DESC; +export const DEFAULT_SORTING_OPTION = SORTING_OPTIONS.TIMESTAMP_DESC; diff --git a/app/assets/javascripts/sidebar/components/lock/edit_form.vue b/app/assets/javascripts/sidebar/components/lock/edit_form.vue index c9e651370f9..1497b229a59 100644 --- a/app/assets/javascripts/sidebar/components/lock/edit_form.vue +++ b/app/assets/javascripts/sidebar/components/lock/edit_form.vue @@ -27,11 +27,10 @@ export default { <gl-sprintf :message=" __( - 'Unlock this %{issuableDisplayName}? %{strongStart}Everyone%{strongEnd} will be able to comment.', + 'Unlock this discussion? %{strongStart}Everyone%{strongEnd} will be able to comment.', ) " > - <template #issuableDisplayName>{{ issuableDisplayName }}</template> <template #strong="{ content }" ><strong>{{ content }}</strong></template > @@ -42,11 +41,10 @@ export default { <gl-sprintf :message=" __( - 'Lock this %{issuableDisplayName}? Only %{strongStart}project members%{strongEnd} will be able to comment.', + 'Lock this discussion? Only %{strongStart}project members%{strongEnd} will be able to comment.', ) " > - <template #issuableDisplayName>{{ issuableDisplayName }}</template> <template #strong="{ content }" ><strong>{{ content }}</strong></template > diff --git a/app/assets/javascripts/sidebar/components/lock/issuable_lock_form.vue b/app/assets/javascripts/sidebar/components/lock/issuable_lock_form.vue index 16235275a54..977d1d6f668 100644 --- a/app/assets/javascripts/sidebar/components/lock/issuable_lock_form.vue +++ b/app/assets/javascripts/sidebar/components/lock/issuable_lock_form.vue @@ -50,12 +50,12 @@ export default { issueCapitalized: __('Issue'), mergeRequest: __('merge request'), mergeRequestCapitalized: __('Merge request'), - lockingMergeRequest: __('Locking %{issuableDisplayName}'), - unlockingMergeRequest: __('Unlocking %{issuableDisplayName}'), - lockMergeRequest: __('Lock %{issuableDisplayName}'), - unlockMergeRequest: __('Unlock %{issuableDisplayName}'), - lockedMessage: __('%{issuableDisplayName} locked.'), - unlockedMessage: __('%{issuableDisplayName} unlocked.'), + lockingMergeRequest: __('Locking discussion'), + unlockingMergeRequest: __('Unlocking discussion'), + lockMergeRequest: __('Lock discussion'), + unlockMergeRequest: __('Unlock discussion'), + lockedMessage: __('Discussion locked.'), + unlockedMessage: __('Discussion unlocked.'), }, data() { return { @@ -152,7 +152,7 @@ export default { }) .catch(() => { const alertMessage = __( - 'Something went wrong trying to change the locked state of this %{issuableDisplayName}', + 'Something went wrong trying to change the locked state of the discussion', ); createAlert({ message: sprintf(alertMessage, { issuableDisplayName: this.issuableDisplayName }), diff --git a/app/assets/javascripts/vue_shared/components/notes/noteable_warning.vue b/app/assets/javascripts/vue_shared/components/notes/noteable_warning.vue index 0ec8b6e2a0a..3bee539688b 100644 --- a/app/assets/javascripts/vue_shared/components/notes/noteable_warning.vue +++ b/app/assets/javascripts/vue_shared/components/notes/noteable_warning.vue @@ -64,7 +64,7 @@ export default { }); }, lockedContextText() { - return sprintf(__('This %{noteableTypeText} is locked.'), { + return sprintf(__('The discussion in this %{noteableTypeText} is locked.'), { noteableTypeText: this.noteableTypeText, }); }, @@ -80,7 +80,7 @@ export default { <gl-sprintf :message=" __( - 'This %{noteableTypeText} is %{confidentialLinkStart}confidential%{confidentialLinkEnd} and %{lockedLinkStart}locked%{lockedLinkEnd}.', + 'This %{noteableTypeText} is %{confidentialLinkStart}confidential%{confidentialLinkEnd} and its %{lockedLinkStart}discussion is locked%{lockedLinkEnd}.', ) " > diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb index 4163ff8727c..83409c7e096 100644 --- a/app/controllers/jwt_controller.rb +++ b/app/controllers/jwt_controller.rb @@ -34,7 +34,6 @@ class JwtController < ApplicationController authenticate_with_http_basic do |login, password| @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, request: request) - @raw_token = password if @authentication_result.failed? log_authentication_failed(login, @authentication_result) @@ -81,7 +80,6 @@ class JwtController < ApplicationController def additional_params { scopes: scopes_param, - raw_token: @raw_token, deploy_token: @authentication_result.deploy_token, auth_type: @authentication_result.type }.compact diff --git a/app/helpers/projects/pipeline_helper.rb b/app/helpers/projects/pipeline_helper.rb index 1558f013462..fc33e239451 100644 --- a/app/helpers/projects/pipeline_helper.rb +++ b/app/helpers/projects/pipeline_helper.rb @@ -37,6 +37,7 @@ module Projects failure_reason: pipeline.failure_reason, triggered_by_path: pipeline.child? ? pipeline_path(pipeline.triggered_by_pipeline) : '', schedule: pipeline.schedule?.to_s, + trigger: pipeline.trigger?.to_s, child: pipeline.child?.to_s, latest: pipeline.latest?.to_s, merge_train_pipeline: pipeline.merge_train_pipeline?.to_s, diff --git a/app/models/deploy_token.rb b/app/models/deploy_token.rb index 2405ff3d252..920321a1699 100644 --- a/app/models/deploy_token.rb +++ b/app/models/deploy_token.rb @@ -11,6 +11,7 @@ class DeployToken < ApplicationRecord AVAILABLE_SCOPES = %i[read_repository read_registry write_registry read_package_registry write_package_registry].freeze GITLAB_DEPLOY_TOKEN_NAME = 'gitlab-deploy-token' + REQUIRED_DEPENDENCY_PROXY_SCOPES = %i[read_registry write_registry].freeze attribute :expires_at, default: -> { Forever.date } @@ -56,7 +57,7 @@ class DeployToken < ApplicationRecord def valid_for_dependency_proxy? group_type? && active? && - (Gitlab::Auth::REGISTRY_SCOPES & scopes).size == Gitlab::Auth::REGISTRY_SCOPES.size + REQUIRED_DEPENDENCY_PROXY_SCOPES.all? { |scope| scope.in?(scopes) } end def revoke! diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index f927d976f0d..ca170133105 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -69,9 +69,7 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy end condition(:dependency_proxy_access_allowed) do - valid_dependency_proxy_human_token || - valid_dependency_proxy_group_access_token || - valid_dependency_proxy_deploy_token + access_level(for_any_session: true) >= GroupMember::GUEST || valid_dependency_proxy_deploy_token end desc "Deploy token with read_package_registry scope" @@ -388,18 +386,6 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy user.is_a?(User) end - def user_is_human? - user_is_user? && user.human? - end - - def user_is_project_bot? - user_is_user? && user.project_bot? - end - - def user_is_deploy_token? - user.is_a?(DeployToken) - end - def group @subject end @@ -420,16 +406,8 @@ class GroupPolicy < Namespaces::GroupProjectNamespaceSharedPolicy resource_access_token_create_feature_available? && group.root_ancestor.namespace_settings.resource_access_token_creation_allowed? end - def valid_dependency_proxy_human_token - user_is_human? && access_level(for_any_session: true) >= GroupMember::GUEST - end - - def valid_dependency_proxy_group_access_token - user_is_project_bot? && access_level(for_any_session: true) >= GroupMember::GUEST - end - def valid_dependency_proxy_deploy_token - user_is_deploy_token? && @user&.valid_for_dependency_proxy? && @user&.has_access_to_group?(@subject) + @user.is_a?(DeployToken) && @user&.valid_for_dependency_proxy? && @user&.has_access_to_group?(@subject) end end diff --git a/app/services/auth/dependency_proxy_authentication_service.rb b/app/services/auth/dependency_proxy_authentication_service.rb index 9033baf8c15..164594d6f6c 100644 --- a/app/services/auth/dependency_proxy_authentication_service.rb +++ b/app/services/auth/dependency_proxy_authentication_service.rb @@ -5,11 +5,10 @@ module Auth AUDIENCE = 'dependency_proxy' HMAC_KEY = 'gitlab-dependency-proxy' DEFAULT_EXPIRE_TIME = 1.minute - REQUIRED_ABILITIES = %i[read_container_image create_container_image].freeze def execute(authentication_abilities:) return error('dependency proxy not enabled', 404) unless ::Gitlab.config.dependency_proxy.enabled - return error('access forbidden', 403) unless valid_user_actor?(authentication_abilities) + return error('access forbidden', 403) unless valid_user_actor? { token: authorized_token.encoded } end @@ -34,17 +33,8 @@ module Auth private - def valid_user_actor?(authentication_abilities) - valid_human_user? || valid_group_access_token?(authentication_abilities) || valid_deploy_token? - end - - def valid_human_user? - current_user.is_a?(User) && current_user.human? - end - - def valid_group_access_token?(authentication_abilities) - current_user&.project_bot? && group_access_token&.active? && - (REQUIRED_ABILITIES & authentication_abilities).size == REQUIRED_ABILITIES.size + def valid_user_actor? + current_user || valid_deploy_token? end def valid_deploy_token? @@ -59,18 +49,8 @@ module Auth end end - def group_access_token - return unless current_user&.project_bot? - - PersonalAccessTokensFinder.new(state: 'active').find_by_token(raw_token) - end - def deploy_token params[:deploy_token] end - - def raw_token - params[:raw_token] - end end end diff --git a/app/services/system_notes/issuables_service.rb b/app/services/system_notes/issuables_service.rb index 8442ff81d41..c584d5ccca3 100644 --- a/app/services/system_notes/issuables_service.rb +++ b/app/services/system_notes/issuables_service.rb @@ -437,7 +437,7 @@ module SystemNotes def discussion_lock action = noteable.discussion_locked? ? 'locked' : 'unlocked' - body = "#{action} this #{noteable.class.to_s.titleize.downcase}" + body = "#{action} the discussion in this #{noteable.class.to_s.titleize.downcase}" if action == 'locked' track_issue_event(:track_issue_locked_action) diff --git a/app/views/projects/pages/new.html.haml b/app/views/projects/pages/new.html.haml index 89f8f62ea83..56dfc69d740 100644 --- a/app/views/projects/pages/new.html.haml +++ b/app/views/projects/pages/new.html.haml @@ -1,10 +1,5 @@ - @breadcrumb_link = project_pages_path(@project) - page_title s_('GitLabPages|Pages') -- if Feature.enabled?(:use_pipeline_wizard_for_pages, @project.group) - #js-pages{ data: @pipeline_wizard_data } -- else - = render 'header' - - = render 'use' +#js-pages{ data: @pipeline_wizard_data } diff --git a/app/views/projects/runners/_runner.html.haml b/app/views/projects/runners/_runner.html.haml index 12432cd3484..96b87767690 100644 --- a/app/views/projects/runners/_runner.html.haml +++ b/app/views/projects/runners/_runner.html.haml @@ -26,7 +26,8 @@ - elsif runner.project_type? = form_for [@project, @project.runner_projects.new] do |f| = f.hidden_field :runner_id, value: runner.id - = f.submit _('Enable for this project'), class: 'btn gl-button' + = render Pajamas::ButtonComponent.new(variant: :default, size: :small, type: :submit) do + = _('Enable for this project') - if runner.description.present? %p.gl-my-2 = runner.description diff --git a/app/views/shared/_md_preview.html.haml b/app/views/shared/_md_preview.html.haml index 1fd430527a1..7ac6a822420 100644 --- a/app/views/shared/_md_preview.html.haml +++ b/app/views/shared/_md_preview.html.haml @@ -5,7 +5,7 @@ .issuable-note-warning = sprite_icon('lock', css_class: 'icon') %span - = _('This merge request is locked.') + = _('The discussion in this merge request is locked.') = _('Only project members can comment.') .md-area.position-relative diff --git a/config/feature_flags/development/use_pipeline_wizard_for_pages.yml b/config/feature_flags/development/code_tasks.yml index 2de1b952f95..fec0e8326f3 100644 --- a/config/feature_flags/development/use_pipeline_wizard_for_pages.yml +++ b/config/feature_flags/development/code_tasks.yml @@ -1,8 +1,8 @@ --- -name: use_pipeline_wizard_for_pages -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78276 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/349095 -milestone: '15.4' +name: code_tasks +introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/135717 +rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/430962 +milestone: '16.6' type: development -group: group::incubation -default_enabled: true +group: group::code creation +default_enabled: false diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index 98c5d13e75a..5d7cc02c7d7 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -32258,9 +32258,21 @@ see the associated mutation type above. | Name | Type | Description | | ---- | ---- | ----------- | | <a id="aichatinputcontent"></a>`content` | [`String!`](#string) | Content of the message. | +| <a id="aichatinputcurrentfile"></a>`currentFile` **{warning-solid}** | [`AiCurrentFileInput`](#aicurrentfileinput) | **Deprecated:** This feature is an Experiment. It can be changed or removed at any time. Introduced in 16.6. | | <a id="aichatinputnamespaceid"></a>`namespaceId` | [`NamespaceID`](#namespaceid) | Global ID of the namespace the user is acting on. | | <a id="aichatinputresourceid"></a>`resourceId` | [`AiModelID`](#aimodelid) | Global ID of the resource to mutate. | +### `AiCurrentFileInput` + +#### Arguments + +| Name | Type | Description | +| ---- | ---- | ----------- | +| <a id="aicurrentfileinputcontentabovecursor"></a>`contentAboveCursor` | [`String`](#string) | Content above cursor. | +| <a id="aicurrentfileinputcontentbelowcursor"></a>`contentBelowCursor` | [`String`](#string) | Content below cursor. | +| <a id="aicurrentfileinputfilename"></a>`fileName` | [`String!`](#string) | File name. | +| <a id="aicurrentfileinputselectedtext"></a>`selectedText` | [`String!`](#string) | Selected text. | + ### `AiExplainCodeInput` #### Arguments diff --git a/doc/ci/debugging.md b/doc/ci/debugging.md index bc4482a43e2..5bcf834b61d 100644 --- a/doc/ci/debugging.md +++ b/doc/ci/debugging.md @@ -260,21 +260,36 @@ can cause a `500` error when editing the `.gitlab-ci.yml` file with the [web edi Ensure that included configuration files do not create a loop of references to each other. -### `Failed to pull image` message +### `Failed to pull image` messages > **Allow access to this project with a CI_JOB_TOKEN** setting [renamed to **Limit access _to_ this project**](https://gitlab.com/gitlab-org/gitlab/-/issues/411406) in GitLab 16.3. -When a runner tries to pull an image from a private project, the job could fail with the following error: +A runner might return a `Failed to pull image` message when trying to pull a container image +in a CI/CD job. -```shell -WARNING: Failed to pull image with policy "always": Error response from daemon: pull access denied for registry.example.com/path/to/project, repository does not exist or may require 'docker login': denied: requested access to the resource is denied -``` +The runner authenticates with a [CI/CD job token](jobs/ci_job_token.md) +when fetching a container image defined with [`image`](yaml/index.md#image) +from another project's container registry. + +If the job token settings prevent access to the other project's container registry, +the runner returns an error message. + +For example: + +- ```plaintext + WARNING: Failed to pull image with policy "always": Error response from daemon: pull access denied for registry.example.com/path/to/project, repository does not exist or may require 'docker login': denied: requested access to the resource is denied + ``` + +- ```plaintext + WARNING: Failed to pull image with policy "": image pull failed: rpc error: code = Unknown desc = failed to pull and unpack image "registry.example.com/path/to/project/image:v1.2.3": failed to resolve reference "registry.example.com/path/to/project/image:v1.2.3": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed + ``` -This error can happen if the following are both true: +These errors can happen if the following are both true: -- The **Limit access _to_ this project** option is enabled in the private project - hosting the image. -- The job attempting to fetch the image is running for a project that is not listed in +- The [**Limit access _to_ this project**](jobs/ci_job_token.md#limit-job-token-scope-for-public-or-internal-projects) + option is enabled in the private project hosting the image. +- The job attempting to fetch the image is running in a project that is not listed in the private project's allowlist. -The recommended solution is to [add your project to the private project's job token scope allowlist](jobs/ci_job_token.md#add-a-project-to-the-job-token-scope-allowlist). +To resolve this issue, add any projects with CI/CD jobs that fetch images from the container +registry to the target project's [job token allowlist](jobs/ci_job_token.md#allow-access-to-your-project-with-a-job-token). diff --git a/doc/ci/runners/saas/macos_saas_runner.md b/doc/ci/runners/saas/macos_saas_runner.md index 1445ae58bd4..b503fea4f2f 100644 --- a/doc/ci/runners/saas/macos_saas_runner.md +++ b/doc/ci/runners/saas/macos_saas_runner.md @@ -34,34 +34,26 @@ In comparison to our SaaS runners on Linux, where you can run any Docker image, GitLab SaaS provides a set of VM images for macOS. You can execute your build in one of the following images, which you specify -in your `.gitlab-ci.yml` file. - -Each image runs a specific version of macOS and Xcode. +in your `.gitlab-ci.yml` file. Each image runs a specific version of macOS and Xcode. | VM image | Status | |----------------------------|--------| -| `macos-12-xcode-13` | `GA` | | `macos-12-xcode-14` | `GA` | -| `macos-13-xcode-14` | `Beta` | - -## Image update policy for macOS +| `macos-13-xcode-14` | `GA` | +| `macos-14-xcode-15` | `Beta` | -macOS and Xcode follow a yearly release cadence, during which GitLab increments its versions synchronously. GitLab typically supports multiple versions of preinstalled tools. For more information, see -a [full list of preinstalled software](https://gitlab.com/gitlab-org/ci-cd/shared-runners/images/job-images/-/tree/main/toolchain). +If no image is specified, the macOS runner uses `macos-13-xcode-14`. -GitLab provides `stable` and `latest` macOS images that follow different update patterns: +## Image update policy for macOS -- **Stable image:** The `stable` images and installed components are updated every release. Images without the `:latest` prefix are considered stable images. -- **Latest image:** The `latest` images are typically updated on a weekly cadence and use a `:latest` prefix in the image name. Using the `latest` image results in more regularly updated components and shorter update times for Homebrew or asdf. The `latest` images are used to test software components before releasing the components to the `stable` images. -By definition, the `latest` images are always Beta. -A `latest` image is not available. +macOS and Xcode follow a yearly release cadence, during which GitLab increments its versions synchronously. GitLab typically supports multiple versions of preinstalled tools. For more information, see the [full list of preinstalled software](https://gitlab.com/gitlab-org/ci-cd/shared-runners/images/job-images/-/tree/main/toolchain). -### Image release process +When Apple releases a new macOS version, GitLab releases a new `stable` image based on the OS in the next release, +which is in Beta. -When Apple releases a new macOS version, GitLab releases both `stable` and `latest` images based on the OS in the next release. Both images are Beta. +With the release of the first patch to macOS, the `stable` image becomes Generally Available (GA). As only two GA images are supported at a time, the prior OS version becomes deprecated and is deleted after three months in accordance with the [supported image lifecycle](../index.md#supported-image-lifecycle). -With the release of the first patch to macOS, the `stable` image becomes Generally Available (GA). -As only two GA images are supported at a time, the prior OS version becomes deprecated and is deleted after three months in accordance with the [supported image lifecycle](../index.md#supported-image-lifecycle). +The `stable` images and installed components are updated every release, to keep the preinstalled software up-to-date. ## Example `.gitlab-ci.yml` file diff --git a/doc/development/dangerbot.md b/doc/development/dangerbot.md index 6ef8bdfb80e..476d370e7ee 100644 --- a/doc/development/dangerbot.md +++ b/doc/development/dangerbot.md @@ -159,7 +159,7 @@ To enable the Dangerfile on another existing GitLab project, complete the follow ``` 1. Create a [Project access tokens](../user/project/settings/project_access_tokens.md) with the `api` scope, - `Reporter` permission (so that it can add labels), and no expiration date (which actually means one year). + `Developer` permission (so that it can add labels), and no expiration date (which actually means one year). 1. Add the token as a CI/CD project variable named `DANGER_GITLAB_API_TOKEN`. You should add the ~"Danger bot" label to the merge request before sending it diff --git a/doc/development/documentation/styleguide/index.md b/doc/development/documentation/styleguide/index.md index 4236fe18c75..6158d60a0ba 100644 --- a/doc/development/documentation/styleguide/index.md +++ b/doc/development/documentation/styleguide/index.md @@ -1281,11 +1281,10 @@ You can use an automatic screenshot generator to take and compress screenshots. #### Extending the tool -To add an additional **screenshot generator**, complete the following steps: +To add an additional screenshot generator: -1. Locate the `spec/docs_screenshots` directory. -1. Add a new file with a `_docs.rb` extension. -1. Be sure to include the following information in the file: +1. In the `spec/docs_screenshots` directory, add a new file with a `_docs.rb` extension. +1. Add the following information to your file: ```ruby require 'spec_helper' @@ -1298,29 +1297,29 @@ To add an additional **screenshot generator**, complete the following steps: end ``` -1. In addition, every `it` block must include the path where the screenshot is saved: +1. To each `it` block, add the path where the screenshot is saved: ```ruby - it 'user/packages/container_registry/img/project_image_repositories_list' + it '<path/to/images/directory>' ``` -##### Full page screenshots +You can take a screenshot of a page with `visit <path>`. +To avoid blank screenshots, use `expect` to wait for the content to load. -To take a full page screenshot, `visit the page` and perform any expectation on real content (to have capybara wait till the page is ready and not take a white screenshot). +##### Single-element screenshots -##### Element screenshot +You can take a screenshot of a single element. -To have the screenshot focuses few more steps are needed: +- Add the following to your screenshot generator file: -- **find the area**: `screenshot_area = find('#js-registry-policies')` -- **scroll the area in focus**: `scroll_to screenshot_area` -- **wait for the content**: `expect(screenshot_area).to have_content 'Expiration interval'` -- **set the crop area**: `set_crop_data(screenshot_area, 20)` - -In particular, `set_crop_data` accepts as arguments: a `DOM` element and a -padding. The padding is added around the element, enlarging the screenshot area. + ```ruby + screenshot_area = find('<element>') # Find the element + scroll_to screenshot_area # Scroll to the element + expect(screenshot_area).to have_content '<content>' # Wait for the content you want to capture + set_crop_data(screenshot_area, <padding>) # Capture the element with added padding + ``` -Use `spec/docs_screenshots/container_registry_docs.rb` as a guide and as an example to create your own scripts. +Use `spec/docs_screenshots/container_registry_docs.rb` as a guide to create your own scripts. ## Emoji diff --git a/doc/development/fe_guide/security.md b/doc/development/fe_guide/security.md index d578449e578..4e06c22b383 100644 --- a/doc/development/fe_guide/security.md +++ b/doc/development/fe_guide/security.md @@ -12,57 +12,6 @@ info: To determine the technical writer assigned to the Stage/Group associated w [Qualys SSL Labs Server Test](https://www.ssllabs.com/ssltest/analyze.html) are good resources for finding potential problems and ensuring compliance with security best practices. -<!-- Uncomment these sections when CSP/SRI are implemented. -### Content Security Policy (CSP) - -Content Security Policy is a web standard that intends to mitigate certain -forms of Cross-Site Scripting (XSS) as well as data injection. - -Content Security Policy rules should be taken into consideration when -implementing new features, especially those that may rely on connection with -external services. - -GitLab's CSP is used for the following: - -- Blocking plugins like Flash and Silverlight from running at all on our pages. -- Blocking the use of scripts and stylesheets downloaded from external sources. -- Upgrading `http` requests to `https` when possible. -- Preventing `iframe` elements from loading in most contexts. - -Some exceptions include: - -- Scripts from Google Analytics and Matomo if either is enabled. -- Connecting with GitHub, Bitbucket, GitLab.com, etc. to allow project importing. -- Connecting with Google, Twitter, GitHub, etc. to allow OAuth authentication. - -We use [the Secure Headers gem](https://github.com/twitter/secureheaders) to enable Content -Security Policy headers in the GitLab Rails app. - -Some resources on implementing Content Security Policy: - -- [MDN Article on CSP](https://developer.mozilla.org/en-US/docs/Web/Security/CSP) -- [GitHub's CSP Journey on the GitHub Engineering Blog](https://github.blog/2016-04-12-githubs-csp-journey/) -- The Dropbox Engineering Blog's series on CSP: [1](https://blogs.dropbox.com/tech/2015/09/on-csp-reporting-and-filtering/), [2](https://blogs.dropbox.com/tech/2015/09/unsafe-inline-and-nonce-deployment/), [3](https://blogs.dropbox.com/tech/2015/09/csp-the-unexpected-eval/), [4](https://blogs.dropbox.com/tech/2015/09/csp-third-party-integrations-and-privilege-separation/) - -### Subresource Integrity (SRI) - -Subresource Integrity prevents malicious assets from being provided by a CDN by -guaranteeing that the asset downloaded is identical to the asset the server -is expecting. - -The Rails app generates a unique hash of the asset, which is used as the -asset's `integrity` attribute. The browser generates the hash of the asset -on-load and will reject the asset if the hashes do not match. - -All CSS and JavaScript assets should use Subresource Integrity. - -Some resources on implementing Subresource Integrity: - -- [MDN Article on SRI](https://developer.mozilla.org/en-us/docs/web/security/subresource_integrity) -- [Subresource Integrity on the GitHub Engineering Blog](https://github.blog/2015-09-19-subresource-integrity/) - ---> - ## Including external resources External fonts, CSS, and JavaScript should never be used with the exception of diff --git a/doc/development/i18n/externalization.md b/doc/development/i18n/externalization.md index 68c2778eabe..1ce35b254f1 100644 --- a/doc/development/i18n/externalization.md +++ b/doc/development/i18n/externalization.md @@ -232,7 +232,7 @@ If strings are reused throughout a component, it can be useful to define these s If we are reusing the same translated string in multiple components, it is tempting to add them to a `constants.js` file instead and import them across our components. However, there are multiple pitfalls to this approach: - It creates distance between the HTML template and the copy, adding an additional level of complexity while navigating our codebase. -- Copy strings are rarely, if ever, truly the same entity. The benefit of having a reusable variable is to have one easy place to go to update a value, but for copy it is quite common to have similar strings that aren't quite the same. +- The benefit of having a reusable variable is to have one easy place to go to update a value, but for copy it is quite common to have similar strings that aren't quite the same. Another practice to avoid when exporting copy strings is to import them in specs. While it might seem like a much more efficient test (if we change the copy, the test will still pass!) it creates additional problems: diff --git a/doc/subscriptions/gitlab_com/index.md b/doc/subscriptions/gitlab_com/index.md index 0e2d00cb2e8..317cdb1e1d5 100644 --- a/doc/subscriptions/gitlab_com/index.md +++ b/doc/subscriptions/gitlab_com/index.md @@ -327,8 +327,11 @@ For details on upgrading your subscription tier, see ### Automatic subscription renewal -When a subscription is set to auto-renew, it renews automatically on the -expiration date without a gap in available service. Subscriptions purchased through the Customers Portal or GitLab.com are set to auto-renew by default. The number of seats is adjusted to fit the [number of billable users in your group](#view-seat-usage) at the time of renewal, if that number is higher than the current subscription quantity. You can view and download your renewal invoice on the Customers Portal [View invoices](https://customers.gitlab.com/receipts) page. If your account has a [saved credit card](../customers_portal.md#change-your-payment-method), the card is charged for the invoice amount. If we are unable to process a payment, or the auto-renewal fails for any other reason, you have 14 days to renew your subscription, after which your access is downgraded. +When a subscription is set to auto-renew, it renews automatically on the expiration date without a gap in available service. Subscriptions purchased through the Customers Portal or GitLab.com are set to auto-renew by default. + +The number of seats is adjusted to fit the [number of billable users in your group](#view-seat-usage) at the time of renewal, if that number is higher than the current subscription quantity. + +You can view and download your renewal invoice on the Customers Portal [View invoices](https://customers.gitlab.com/receipts) page. If your account has a [saved credit card](../customers_portal.md#change-your-payment-method), the card is charged for the invoice amount. If we are unable to process a payment, or the auto-renewal fails for any other reason, you have 14 days to renew your subscription, after which your access is downgraded. #### Email notifications diff --git a/doc/subscriptions/self_managed/index.md b/doc/subscriptions/self_managed/index.md index 3d6e2b9af5f..a1573132ab2 100644 --- a/doc/subscriptions/self_managed/index.md +++ b/doc/subscriptions/self_managed/index.md @@ -376,14 +376,12 @@ An invoice is generated for the renewal and available for viewing or download on ### Automatic subscription renewal -When a subscription is set to auto-renew, it renews automatically on the -expiration date (at midnight UTC) without a gap in available service. Subscriptions purchased through Customers Portal are set to auto-renew by default. -The number of user licenses is adjusted to fit the [number of billable users in your instance](#view-user-totals) at the time of renewal, if that number is higher than the current subscription quantity. -Before auto-renewal you should [prepare for the renewal](#prepare-for-renewal-by-reviewing-your-account) at least 2 days before the renewal date, so that your changes synchronize to GitLab in time for your renewal. To auto-renew your subscription, +When a subscription is set to auto-renew, it renews automatically on the expiration date (at midnight UTC) without a gap in available service. Subscriptions purchased through Customers Portal are set to auto-renew by default. + +The number of user licenses is adjusted to fit the [number of billable users in your instance](#view-user-totals) at the time of renewal, if that number is higher than the current subscription quantity. Before auto-renewal you should [prepare for the renewal](#prepare-for-renewal-by-reviewing-your-account) at least 2 days before the renewal date, so that your changes synchronize to GitLab in time for your renewal. To auto-renew your subscription, you must have enabled the [synchronization of subscription data](#subscription-data-synchronization). -You can view and download your renewal invoice on the Customers Portal -[View invoices](https://customers.gitlab.com/receipts) page. If your account has a [saved credit card](../customers_portal.md#change-your-payment-method), the card is charged for the invoice amount. If we are unable to process a payment or the auto-renewal fails for any other reason, you have 14 days to renew your subscription, after which your GitLab tier is downgraded. +You can view and download your renewal invoice on the Customers Portal [View invoices](https://customers.gitlab.com/receipts) page. If your account has a [saved credit card](../customers_portal.md#change-your-payment-method), the card is charged for the invoice amount. If we are unable to process a payment or the auto-renewal fails for any other reason, you have 14 days to renew your subscription, after which your GitLab tier is downgraded. #### Email notifications diff --git a/doc/user/discussions/index.md b/doc/user/discussions/index.md index 50f2eca8d05..a3ed888ed53 100644 --- a/doc/user/discussions/index.md +++ b/doc/user/discussions/index.md @@ -156,12 +156,12 @@ Prerequisite: To lock an issue or merge request: -1. On the right sidebar, next to **Lock issue** or **Lock merge request**, select **Edit**. +1. On the right sidebar, next to **Lock discussion**, select **Edit**. 1. On the confirmation dialog, select **Lock**. Notes are added to the page details. -If an issue or merge request is locked and closed, you cannot reopen it. +If an issue or merge request is closed with a locked discussion, then you cannot reopen it until the discussion is unlocked. <!-- Delete when the `moved_mr_sidebar` feature flag is removed --> If you don't see this action on the right sidebar, your project or instance might have [moved sidebar actions](../project/merge_requests/index.md#move-sidebar-actions) enabled. diff --git a/doc/user/group/saml_sso/group_sync.md b/doc/user/group/saml_sso/group_sync.md index c18ccaf9c20..7b10da016b9 100644 --- a/doc/user/group/saml_sso/group_sync.md +++ b/doc/user/group/saml_sso/group_sync.md @@ -81,6 +81,8 @@ When SAML is enabled, users with the Maintainer or Owner role see a new menu item in group **Settings > SAML Group Links**. You can configure one or more **SAML Group Links** to map a SAML identity provider group name to a GitLab role. This can be done for a top-level group or any subgroup. +SAML Group Sync only manages a group if that group has one or more SAML group links. If a SAML group link is created then removed, the user remains in the group until they are removed from the group in the identity provider. + To link the SAML groups: 1. In **SAML Group Name**, enter the value of the relevant `saml:AttributeValue`. The value entered here must exactly match the value sent in the SAML response. For some IdPs, this may be a group ID or object ID (Azure AD) instead of a friendly group name. diff --git a/doc/user/packages/container_registry/troubleshoot_container_registry.md b/doc/user/packages/container_registry/troubleshoot_container_registry.md index cb0bcf3f35b..3fb2754eb9c 100644 --- a/doc/user/packages/container_registry/troubleshoot_container_registry.md +++ b/doc/user/packages/container_registry/troubleshoot_container_registry.md @@ -128,14 +128,11 @@ time is set to 15 minutes. If you are using self-managed GitLab, an administrator can [increase the token duration](../../../administration/packages/container_registry.md#increase-token-duration). -## `insufficient_scope: authorization failed` when pulling an image +## `Failed to pull image` messages -GitLab CI/CD jobs that set [`image`](../../../ci/yaml/index.md#image) to pull an image -from a project's container registry automatically authenticate with a [CI/CD job token](../../../ci/jobs/ci_job_token.md). - -All projects with CI/CD jobs that fetch images from the container registry must be listed -in the registry project's [job token allowlist](../../../ci/jobs/ci_job_token.md#allow-access-to-your-project-with-a-job-token). -Otherwise, the job fails with an `insufficient_scope: authorization failed` error. +You might receive a [`Failed to pull image'](../../../ci/debugging.md#failed-to-pull-image-messages) +error message when a CI/CD job is unable to pull a container image from a project with a limited +[CI/CD job token scope](../../../ci/jobs/ci_job_token.md#limit-job-token-scope-for-public-or-internal-projects). ## Slow uploads when using `kaniko` to push large images diff --git a/doc/user/packages/dependency_proxy/index.md b/doc/user/packages/dependency_proxy/index.md index 7bd5a09d8e3..02810bcb922 100644 --- a/doc/user/packages/dependency_proxy/index.md +++ b/doc/user/packages/dependency_proxy/index.md @@ -88,7 +88,7 @@ You can authenticate using: - Your GitLab username and password. - A [personal access token](../../../user/profile/personal_access_tokens.md) with the scope set to `read_registry` and `write_registry`. - A [group deploy token](../../../user/project/deploy_tokens/index.md) with the scope set to `read_registry` and `write_registry`. -- A [group access token](../../../user/group/settings/group_access_tokens.md) for the group with the scope set to `read_registry` and `write_registry`. +- A [group access token](../../../user/group/settings/group_access_tokens.md) for the group, with the scope set to `read_registry` and `write_registry`. Users accessing the Dependency Proxy with a personal access token or username and password must have at least the Guest role for the group they pull images from. diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 7a488a1cdb9..6ce0a91c283 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -792,12 +792,6 @@ msgstr "" msgid "%{integrations_link_start}Integrations%{link_end} enable you to make third-party applications part of your GitLab workflow. If the available integrations don't meet your needs, consider using a %{webhooks_link_start}webhook%{link_end}." msgstr "" -msgid "%{issuableDisplayName} locked." -msgstr "" - -msgid "%{issuableDisplayName} unlocked." -msgstr "" - msgid "%{issuableType} will be removed! Are you sure?" msgstr "" @@ -5488,9 +5482,6 @@ msgstr "" msgid "Analytics|Analytics dashboards" msgstr "" -msgid "Analytics|Analytics events by month" -msgstr "" - msgid "Analytics|Analytics settings for '%{project_name}' were successfully updated." msgstr "" @@ -5539,9 +5530,6 @@ msgstr "" msgid "Analytics|Create your visualization" msgstr "" -msgid "Analytics|Current month to date" -msgstr "" - msgid "Analytics|Custom dashboards" msgstr "" @@ -5608,9 +5596,6 @@ msgstr "" msgid "Analytics|Event Props" msgstr "" -msgid "Analytics|Events" -msgstr "" - msgid "Analytics|Failed to fetch data" msgstr "" @@ -5629,9 +5614,6 @@ msgstr "" msgid "Analytics|Link clicks" msgstr "" -msgid "Analytics|Month" -msgstr "" - msgid "Analytics|New dashboard" msgstr "" @@ -5659,18 +5641,6 @@ msgstr "" msgid "Analytics|Pages" msgstr "" -msgid "Analytics|Previous month" -msgstr "" - -msgid "Analytics|Product analytics usage is calculated based on the total number of events received from projects within the group. %{linkStart}Learn more%{linkEnd}." -msgstr "" - -msgid "Analytics|Projects" -msgstr "" - -msgid "Analytics|Projects (%{maxProjects} of %{totalProjects} shown)" -msgstr "" - msgid "Analytics|Referer" msgstr "" @@ -5707,9 +5677,6 @@ msgstr "" msgid "Analytics|Something went wrong while loading available visualizations. Refresh the page to try again." msgstr "" -msgid "Analytics|Something went wrong while loading product analytics usage data. Refresh the page to try again." -msgstr "" - msgid "Analytics|Something went wrong while loading the dashboard. Refresh the page to try again or see %{linkStart}troubleshooting documentation%{linkEnd}." msgstr "" @@ -5725,12 +5692,6 @@ msgstr "" msgid "Analytics|Target URL" msgstr "" -msgid "Analytics|This group has no projects with product analytics onboarded in the current or previous month." -msgstr "" - -msgid "Analytics|This table excludes projects that do not have product analytics onboarded." -msgstr "" - msgid "Analytics|To create your own dashboards, first configure a project to store your dashboards." msgstr "" @@ -5743,12 +5704,6 @@ msgstr "" msgid "Analytics|Updating visualization %{visualizationName}" msgstr "" -msgid "Analytics|Usage by month" -msgstr "" - -msgid "Analytics|Usage by project" -msgstr "" - msgid "Analytics|Use the visualization designer to create custom visualizations. After you save a visualization, you can add it to a dashboard." msgstr "" @@ -17562,9 +17517,15 @@ msgstr "" msgid "Discuss a specific suggestion or question." msgstr "" +msgid "Discussion locked." +msgstr "" + msgid "Discussion to reply to cannot be found" msgstr "" +msgid "Discussion unlocked." +msgstr "" + msgid "Disk Usage" msgstr "" @@ -28630,15 +28591,15 @@ msgstr "" msgid "Lock" msgstr "" -msgid "Lock %{issuableDisplayName}" -msgstr "" - msgid "Lock %{issuableType}" msgstr "" msgid "Lock File?" msgstr "" +msgid "Lock discussion" +msgstr "" + msgid "Lock label after a merge request is merged" msgstr "" @@ -28660,7 +28621,7 @@ msgstr "" msgid "Lock the discussion" msgstr "" -msgid "Lock this %{issuableDisplayName}? Only %{strongStart}project members%{strongEnd} will be able to comment." +msgid "Lock this discussion? Only %{strongStart}project members%{strongEnd} will be able to comment." msgstr "" msgid "Lock to current projects" @@ -28678,7 +28639,7 @@ msgstr "" msgid "Locked the discussion." msgstr "" -msgid "Locking %{issuableDisplayName}" +msgid "Locking discussion" msgstr "" msgid "Locks the discussion." @@ -29416,36 +29377,6 @@ msgstr "" msgid "MemberRoles|Add new role" msgstr "" -msgid "MemberRoles|Admin group member" -msgstr "" - -msgid "MemberRoles|Admin merge requests" -msgstr "" - -msgid "MemberRoles|Admin vulnerability" -msgstr "" - -msgid "MemberRoles|Allows admin access to group members." -msgstr "" - -msgid "MemberRoles|Allows admin access to the merge requests." -msgstr "" - -msgid "MemberRoles|Allows admin access to the vulnerability reports. Select 'Read vulnerability' for this to take effect." -msgstr "" - -msgid "MemberRoles|Allows manage access to the project access tokens. Select 'Manage Project Access Tokens' for this to take effect." -msgstr "" - -msgid "MemberRoles|Allows read-only access to the dependencies." -msgstr "" - -msgid "MemberRoles|Allows read-only access to the source code." -msgstr "" - -msgid "MemberRoles|Allows read-only access to the vulnerability reports." -msgstr "" - msgid "MemberRoles|Are you sure you want to delete this role?" msgstr "" @@ -29455,6 +29386,9 @@ msgstr "" msgid "MemberRoles|Base role to use as template" msgstr "" +msgid "MemberRoles|Could not fetch available permissions: %{message}" +msgstr "" + msgid "MemberRoles|Create new role" msgstr "" @@ -29491,9 +29425,6 @@ msgstr "" msgid "MemberRoles|Make sure the group is in the Ultimate tier." msgstr "" -msgid "MemberRoles|Manage Project Access Tokens" -msgstr "" - msgid "MemberRoles|Name" msgstr "" @@ -29503,15 +29434,6 @@ msgstr "" msgid "MemberRoles|Permissions" msgstr "" -msgid "MemberRoles|Read code" -msgstr "" - -msgid "MemberRoles|Read dependency" -msgstr "" - -msgid "MemberRoles|Read vulnerability" -msgstr "" - msgid "MemberRoles|Role name" msgstr "" @@ -36320,6 +36242,9 @@ msgstr "" msgid "ProductAnalytics|An error occurred while fetching data. Refresh the page to try again." msgstr "" +msgid "ProductAnalytics|Analytics events by month" +msgstr "" + msgid "ProductAnalytics|Analyze your product with Product Analytics" msgstr "" @@ -36359,6 +36284,9 @@ msgstr "" msgid "ProductAnalytics|Cube API key" msgstr "" +msgid "ProductAnalytics|Current month to date" +msgstr "" + msgid "ProductAnalytics|Details on how to configure product analytics to collect data." msgstr "" @@ -36383,6 +36311,9 @@ msgstr "" msgid "ProductAnalytics|For the product analytics dashboard to start showing you some data, you need to add the analytics tracking code to your project." msgstr "" +msgid "ProductAnalytics|Get started with product analytics" +msgstr "" + msgid "ProductAnalytics|How many sessions a user has" msgstr "" @@ -36392,6 +36323,12 @@ msgstr "" msgid "ProductAnalytics|Instrument your application" msgstr "" +msgid "ProductAnalytics|Learn how to enable product analytics" +msgstr "" + +msgid "ProductAnalytics|Learn how to onboard projects" +msgstr "" + msgid "ProductAnalytics|Link Click Events" msgstr "" @@ -36419,6 +36356,12 @@ msgstr "" msgid "ProductAnalytics|Measuring" msgstr "" +msgid "ProductAnalytics|Month" +msgstr "" + +msgid "ProductAnalytics|No projects found" +msgstr "" + msgid "ProductAnalytics|On what do you want to get insights?" msgstr "" @@ -36428,9 +36371,21 @@ msgstr "" msgid "ProductAnalytics|Percentage of Users Returning" msgstr "" +msgid "ProductAnalytics|Previous month" +msgstr "" + msgid "ProductAnalytics|Product analytics onboarding" msgstr "" +msgid "ProductAnalytics|Product analytics usage is calculated based on the total number of events received from projects within the group. %{linkStart}Learn more%{linkEnd}." +msgstr "" + +msgid "ProductAnalytics|Projects" +msgstr "" + +msgid "ProductAnalytics|Projects (%{maxProjects} of %{totalProjects} shown)" +msgstr "" + msgid "ProductAnalytics|Returning Users" msgstr "" @@ -36458,6 +36413,9 @@ msgstr "" msgid "ProductAnalytics|Snowplow configurator connection string" msgstr "" +msgid "ProductAnalytics|Something went wrong while loading product analytics usage data. Refresh the page to try again." +msgstr "" + msgid "ProductAnalytics|The connection string for your Snowplow configurator instance." msgstr "" @@ -36467,15 +36425,30 @@ msgstr "" msgid "ProductAnalytics|The sender of tracking events" msgstr "" +msgid "ProductAnalytics|This group has no projects with product analytics onboarded in the current period." +msgstr "" + msgid "ProductAnalytics|This might take a while, feel free to navigate away from this page and come back later." msgstr "" +msgid "ProductAnalytics|This table excludes projects that do not have product analytics onboarded." +msgstr "" + msgid "ProductAnalytics|To instrument your application, select one of the options below. After an option has been instrumented and data is being collected, this page will progress to the next step." msgstr "" +msgid "ProductAnalytics|Track your product's performance, and optimize your product and development processes." +msgstr "" + msgid "ProductAnalytics|Unique Users" msgstr "" +msgid "ProductAnalytics|Usage by month" +msgstr "" + +msgid "ProductAnalytics|Usage by project" +msgstr "" + msgid "ProductAnalytics|Used to retrieve dashboard data from the Cube instance." msgstr "" @@ -42141,6 +42114,9 @@ msgstr "" msgid "ScanResultPolicy|Fix available is only applicable to container and dependency scanning" msgstr "" +msgid "ScanResultPolicy|If an MR receives all necessary approvals to merge, but then a new commit is added, new approvals are required. This ensures new commits that may include vulnerabilities cannot be introduced." +msgstr "" + msgid "ScanResultPolicy|If selected, the following choices will overwrite %{linkStart}project settings%{linkEnd} but only affect the branches selected in the policy." msgstr "" @@ -42192,9 +42168,15 @@ msgstr "" msgid "ScanResultPolicy|Override project approval settings" msgstr "" +msgid "ScanResultPolicy|Password confirmation on approvals provides an additional level of security. Enabling this enforces the setting on all projects targeted by this policy." +msgstr "" + msgid "ScanResultPolicy|Pre-existing" msgstr "" +msgid "ScanResultPolicy|Prevent a user from removing a branch from the protected branches list or from deleting a protected branch." +msgstr "" + msgid "ScanResultPolicy|Prevent approval by commit author" msgstr "" @@ -42207,6 +42189,9 @@ msgstr "" msgid "ScanResultPolicy|Prevent pushing and force pushing" msgstr "" +msgid "ScanResultPolicy|Prevent pushing and force pushing to a protected branch." +msgstr "" + msgid "ScanResultPolicy|Protected branch settings" msgstr "" @@ -42237,9 +42222,15 @@ msgstr "" msgid "ScanResultPolicy|Status is:" msgstr "" +msgid "ScanResultPolicy|The merge request author cannot approve their own merge request." +msgstr "" + msgid "ScanResultPolicy|Unknown" msgstr "" +msgid "ScanResultPolicy|Users who have contributed code to the MR are ineligible for approval, ensuring code committers cannot introduce vulnerabilities and approve code to merge." +msgstr "" + msgid "ScanResultPolicy|When %{scanType} %{scanners} runs against the %{branches} %{branchExceptions} and find(s) %{vulnerabilitiesNumber} %{boldDescription} of the following criteria:" msgstr "" @@ -42252,9 +42243,6 @@ msgstr "" msgid "ScanResultPolicy|When %{scanners} find scanner specified conditions in an open merge request targeting the %{branches} %{branchExceptions} and match %{boldDescription} of the following criteria" msgstr "" -msgid "ScanResultPolicy|When enabled, two person approval will be required on all MRs as merge request authors cannot approve their own MRs and merge them unilaterally" -msgstr "" - msgid "ScanResultPolicy|You have selected any protected branch option as a condition. To better protect your project, it is recommended to enable the protect branch settings. %{linkStart}Learn more.%{linkEnd}" msgstr "" @@ -45558,6 +45546,9 @@ msgstr "" msgid "Something went wrong on our end. Please try again." msgstr "" +msgid "Something went wrong trying to change the locked state of the discussion" +msgstr "" + msgid "Something went wrong trying to change the locked state of this %{issuableDisplayName}" msgstr "" @@ -48056,6 +48047,18 @@ msgstr "" msgid "The directory has been successfully created." msgstr "" +msgid "The discussion in this %{issuableDisplayName} is locked. Only project members can comment." +msgstr "" + +msgid "The discussion in this %{issuable} is locked. Only project members can comment." +msgstr "" + +msgid "The discussion in this %{noteableTypeText} is locked." +msgstr "" + +msgid "The discussion in this merge request is locked." +msgstr "" + msgid "The domain you entered is misformatted." msgstr "" @@ -48858,16 +48861,10 @@ msgstr "" msgid "This %{issuable} is locked. Only %{strong_open}project members%{strong_close} can comment." msgstr "" -msgid "This %{issuable} is locked. Only project members can comment." -msgstr "" - msgid "This %{issuable} would exceed the maximum number of linked %{issuables} (%{limit})." msgstr "" -msgid "This %{noteableTypeText} is %{confidentialLinkStart}confidential%{confidentialLinkEnd} and %{lockedLinkStart}locked%{lockedLinkEnd}." -msgstr "" - -msgid "This %{noteableTypeText} is locked." +msgid "This %{noteableTypeText} is %{confidentialLinkStart}confidential%{confidentialLinkEnd} and its %{lockedLinkStart}discussion is locked%{lockedLinkEnd}." msgstr "" msgid "This %{viewer} could not be displayed because %{reason}. You can %{options} instead." @@ -49323,9 +49320,6 @@ msgstr "" msgid "This merge request is from an internal project to a public project." msgstr "" -msgid "This merge request is locked." -msgstr "" - msgid "This merge request was merged. To apply this suggestion, edit this file directly." msgstr "" @@ -49350,6 +49344,9 @@ msgstr "" msgid "This pipeline was created by a schedule." msgstr "" +msgid "This pipeline was created by an API call authenticated with a trigger token" +msgstr "" + msgid "This pipeline was triggered using the api" msgstr "" @@ -50489,9 +50486,6 @@ msgstr "" msgid "Tracing|Check again" msgstr "" -msgid "Tracing|Created date" -msgstr "" - msgid "Tracing|Date" msgstr "" @@ -50567,6 +50561,9 @@ msgstr "" msgid "Tracing|Time range" msgstr "" +msgid "Tracing|Timestamp" +msgstr "" + msgid "Tracing|Toggle child spans" msgstr "" @@ -51241,10 +51238,10 @@ msgstr "" msgid "Unlock" msgstr "" -msgid "Unlock %{issuableDisplayName}" +msgid "Unlock account" msgstr "" -msgid "Unlock account" +msgid "Unlock discussion" msgstr "" msgid "Unlock more features with GitLab Ultimate" @@ -51253,7 +51250,7 @@ msgstr "" msgid "Unlock the discussion" msgstr "" -msgid "Unlock this %{issuableDisplayName}? %{strongStart}Everyone%{strongEnd} will be able to comment." +msgid "Unlock this discussion? %{strongStart}Everyone%{strongEnd} will be able to comment." msgstr "" msgid "Unlocked" @@ -51262,7 +51259,7 @@ msgstr "" msgid "Unlocked the discussion." msgstr "" -msgid "Unlocking %{issuableDisplayName}" +msgid "Unlocking discussion" msgstr "" msgid "Unlocks the discussion." @@ -58192,6 +58189,9 @@ msgstr "" msgid "total must be less than or equal to %{size}" msgstr "" +msgid "trigger token" +msgstr "" + msgid "triggered" msgstr "" diff --git a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb index 810c773de00..6bb791d2fd4 100644 --- a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb +++ b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb @@ -60,42 +60,6 @@ RSpec.describe Groups::DependencyProxyForContainersController, feature_category: it { is_expected.to have_gitlab_http_status(:not_found) } end - context 'with invalid group access token' do - let_it_be(:user) { create(:user, :project_bot) } - - context 'not under the group' do - it { is_expected.to have_gitlab_http_status(:not_found) } - end - - context 'with sufficient scopes, but not active' do - context 'expired' do - let_it_be(:pat) do - create(:personal_access_token, :expired, user: user).tap do |pat| - pat.update_column(:scopes, Gitlab::Auth::REGISTRY_SCOPES) - end - end - - it { is_expected.to have_gitlab_http_status(:not_found) } - end - - context 'revoked' do - let_it_be(:pat) do - create(:personal_access_token, :revoked, user: user).tap do |pat| - pat.update_column(:scopes, Gitlab::Auth::REGISTRY_SCOPES) - end - end - - it { is_expected.to have_gitlab_http_status(:not_found) } - end - end - - context 'with insufficient scopes' do - let_it_be(:pat) { create(:personal_access_token, user: user, scopes: [Gitlab::Auth::READ_API_SCOPE]) } - - it { is_expected.to have_gitlab_http_status(:not_found) } - end - end - context 'with deploy token from a different group,' do let_it_be(:user) { create(:deploy_token, :group, :dependency_proxy_scopes) } @@ -155,7 +119,11 @@ RSpec.describe Groups::DependencyProxyForContainersController, feature_category: end shared_examples 'authorize action with permission' do - shared_examples 'sends Workhorse instructions' do + context 'with a valid user' do + before do + group.add_guest(user) + end + it 'sends Workhorse local file instructions', :aggregate_failures do subject @@ -176,32 +144,6 @@ RSpec.describe Groups::DependencyProxyForContainersController, feature_category: expect(json_response['MaximumSize']).to eq(maximum_size) end end - - before do - group.add_guest(user) - end - - context 'with a valid user' do - it_behaves_like 'sends Workhorse instructions' - end - - context 'with a valid group access token' do - let_it_be(:user) { create(:user, :project_bot) } - let_it_be_with_reload(:token) { create(:personal_access_token, user: user) } - - before do - token.update_column(:scopes, Gitlab::Auth::REGISTRY_SCOPES) - end - - it_behaves_like 'sends Workhorse instructions' - end - - context 'with a deploy token' do - let_it_be(:user) { create(:deploy_token, :dependency_proxy_scopes, :group) } - let_it_be(:group_deploy_token) { create(:group_deploy_token, deploy_token: user, group: group) } - - it_behaves_like 'sends Workhorse instructions' - end end shared_examples 'namespace statistics refresh' do diff --git a/spec/features/issues/discussion_lock_spec.rb b/spec/features/issues/discussion_lock_spec.rb index fb9addff1a2..04d59854ddc 100644 --- a/spec/features/issues/discussion_lock_spec.rb +++ b/spec/features/issues/discussion_lock_spec.rb @@ -28,7 +28,7 @@ RSpec.describe 'Discussion Lock', :js, feature_category: :team_planning do click_button('Lock') end - expect(find('#notes')).to have_content('locked this issue') + expect(find('#notes')).to have_content('locked the discussion in this issue') end end @@ -46,7 +46,7 @@ RSpec.describe 'Discussion Lock', :js, feature_category: :team_planning do click_button('Unlock') end - expect(find('#notes')).to have_content('unlocked this issue') + expect(find('#notes')).to have_content('unlocked the discussion in this issue') expect(find('.issuable-sidebar')).to have_content('Unlocked') end @@ -101,7 +101,7 @@ RSpec.describe 'Discussion Lock', :js, feature_category: :team_planning do page.within('#notes') do expect(page).not_to have_selector('js-main-target-form') expect(page.find('.disabled-comments')) - .to have_content('This issue is locked. Only project members can comment.') + .to have_content('The discussion in this issue is locked. Only project members can comment.') end end end diff --git a/spec/features/merge_request/merge_request_discussion_lock_spec.rb b/spec/features/merge_request/merge_request_discussion_lock_spec.rb index 782c4af58ac..7e01063816f 100644 --- a/spec/features/merge_request/merge_request_discussion_lock_spec.rb +++ b/spec/features/merge_request/merge_request_discussion_lock_spec.rb @@ -92,7 +92,7 @@ RSpec.describe 'Merge Request Discussion Lock', :js, feature_category: :code_rev it 'the user can lock the merge_request' do find('#new-actions-header-dropdown button').click - expect(page).to have_content('Lock merge request') + expect(page).to have_content('Lock discussion') end end @@ -105,7 +105,7 @@ RSpec.describe 'Merge Request Discussion Lock', :js, feature_category: :code_rev it 'the user can unlock the merge_request' do find('#new-actions-header-dropdown button').click - expect(page).to have_content('Unlock merge request') + expect(page).to have_content('Unlock discussion') end end end diff --git a/spec/features/merge_request/user_locks_discussion_spec.rb b/spec/features/merge_request/user_locks_discussion_spec.rb index a603a5c1e0b..d4cc6c9410c 100644 --- a/spec/features/merge_request/user_locks_discussion_spec.rb +++ b/spec/features/merge_request/user_locks_discussion_spec.rb @@ -43,7 +43,7 @@ RSpec.describe 'Merge request > User locks discussion', :js, feature_category: : page.within('.js-vue-notes-event') do expect(page).not_to have_selector('js-main-target-form') expect(page.find('.issuable-note-warning')) - .to have_content('This merge request is locked. Only project members can comment.') + .to have_content('The discussion in this merge request is locked. Only project members can comment.') end end end diff --git a/spec/features/projects/pages/user_configures_pages_pipeline_spec.rb b/spec/features/projects/pages/user_configures_pages_pipeline_spec.rb index 76eec8097d3..eb7bcb38d38 100644 --- a/spec/features/projects/pages/user_configures_pages_pipeline_spec.rb +++ b/spec/features/projects/pages/user_configures_pages_pipeline_spec.rb @@ -15,45 +15,23 @@ RSpec.describe 'Pages edits pages settings', :js, feature_category: :pages do sign_in(user) end - context 'when pipeline wizard feature is enabled' do - before do - Feature.enable(:use_pipeline_wizard_for_pages) - end - - context 'when onboarding is not complete' do - it 'renders onboarding instructions' do - visit project_pages_path(project) - - expect(page).to have_content('Get started with GitLab Pages') - end - end - - context 'when onboarding is complete' do - before do - project.mark_pages_onboarding_complete - end - - it 'shows waiting screen' do - visit project_pages_path(project) + context 'when onboarding is not complete' do + it 'renders onboarding instructions' do + visit project_pages_path(project) - expect(page).to have_content('Waiting for the Pages Pipeline to complete...') - end + expect(page).to have_content('Get started with GitLab Pages') end end - context 'when pipeline wizard feature is disabled' do + context 'when onboarding is complete' do before do - Feature.disable(:use_pipeline_wizard_for_pages) - end - - after do - Feature.enable(:use_pipeline_wizard_for_pages) + project.mark_pages_onboarding_complete end - it 'shows configure pages instructions' do + it 'shows waiting screen' do visit project_pages_path(project) - expect(page).to have_content('Configure pages') + expect(page).to have_content('Waiting for the Pages Pipeline to complete...') end end end diff --git a/spec/frontend/ci/pipeline_details/header/pipeline_details_header_spec.js b/spec/frontend/ci/pipeline_details/header/pipeline_details_header_spec.js index dacee556030..e8e178ed148 100644 --- a/spec/frontend/ci/pipeline_details/header/pipeline_details_header_spec.js +++ b/spec/frontend/ci/pipeline_details/header/pipeline_details_header_spec.js @@ -94,6 +94,7 @@ describe('Pipeline details header', () => { failureReason: 'pipeline failed', badges: { schedule: true, + trigger: false, child: false, latest: true, mergeTrainPipeline: false, @@ -179,6 +180,7 @@ describe('Pipeline details header', () => { expect(findAllBadges()).toHaveLength(2); expect(wrapper.findByText('latest').exists()).toBe(true); expect(wrapper.findByText('Scheduled').exists()).toBe(true); + expect(wrapper.findByText('trigger token').exists()).toBe(false); }); it('displays ref text', () => { @@ -203,6 +205,21 @@ describe('Pipeline details header', () => { }); }); + describe('with triggered pipeline', () => { + beforeEach(async () => { + createComponent(defaultHandlers, { + ...defaultProps, + badges: { ...defaultProps.badges, trigger: true }, + }); + + await waitForPromises(); + }); + + it('displays triggered badge', () => { + expect(wrapper.findByText('trigger token').exists()).toBe(true); + }); + }); + describe('without pipeline name', () => { it('displays commit title', async () => { createComponent(defaultHandlers, { ...defaultProps, name: '' }); diff --git a/spec/frontend/ci/pipelines_page/components/pipeline_labels_spec.js b/spec/frontend/ci/pipelines_page/components/pipeline_labels_spec.js index 4377acb9041..a660994ac8b 100644 --- a/spec/frontend/ci/pipelines_page/components/pipeline_labels_spec.js +++ b/spec/frontend/ci/pipelines_page/components/pipeline_labels_spec.js @@ -10,6 +10,7 @@ describe('Pipeline label component', () => { let wrapper; const findScheduledTag = () => wrapper.findByTestId('pipeline-url-scheduled'); + const findTriggeredTag = () => wrapper.findByTestId('pipeline-url-triggered'); const findLatestTag = () => wrapper.findByTestId('pipeline-url-latest'); const findYamlTag = () => wrapper.findByTestId('pipeline-url-yaml'); const findStuckTag = () => wrapper.findByTestId('pipeline-url-stuck'); @@ -43,6 +44,7 @@ describe('Pipeline label component', () => { expect(findAutoDevopsTag().exists()).toBe(false); expect(findFailureTag().exists()).toBe(false); expect(findScheduledTag().exists()).toBe(false); + expect(findTriggeredTag().exists()).toBe(false); expect(findForkTag().exists()).toBe(false); expect(findTrainTag().exists()).toBe(false); expect(findMergedResultsTag().exists()).toBe(false); @@ -133,6 +135,20 @@ describe('Pipeline label component', () => { expect(findScheduledTag().text()).toContain('scheduled'); }); + it('should render triggered badge when pipeline was triggered by a trigger', () => { + const triggeredPipeline = { + ...defaultProps.pipeline, + source: 'trigger', + }; + + createComponent({ + pipeline: triggeredPipeline, + }); + + expect(findTriggeredTag().exists()).toBe(true); + expect(findTriggeredTag().text()).toBe('trigger token'); + }); + it('should render the fork badge when the pipeline was run in a fork', () => { const forkedPipeline = defaultProps.pipeline; forkedPipeline.project.full_path = '/test/forked'; diff --git a/spec/frontend/issuable/components/locked_badge_spec.js b/spec/frontend/issuable/components/locked_badge_spec.js index 73ab6e36ba1..46143d16712 100644 --- a/spec/frontend/issuable/components/locked_badge_spec.js +++ b/spec/frontend/issuable/components/locked_badge_spec.js @@ -39,7 +39,7 @@ describe('LockedBadge component', () => { it('has title', () => { expect(findBadge().attributes('title')).toBe( - 'This issue is locked. Only project members can comment.', + 'The discussion in this issue is locked. Only project members can comment.', ); }); }); diff --git a/spec/frontend/observability/client_spec.js b/spec/frontend/observability/client_spec.js index 66fbc0cdb77..b41b303f57d 100644 --- a/spec/frontend/observability/client_spec.js +++ b/spec/frontend/observability/client_spec.js @@ -213,10 +213,10 @@ describe('buildClient', () => { expect(getQueryParam()).toBe(`sort=${DEFAULT_SORTING_OPTION}`); }); - it('defaults to created_desc if sortBy param is not an accepted value', async () => { + it('defaults to timestamp_desc if sortBy param is not an accepted value', async () => { await client.fetchTraces({ sortBy: 'foo-bar' }); - expect(getQueryParam()).toBe(`sort=${SORTING_OPTIONS.CREATED_DESC}`); + expect(getQueryParam()).toBe(`sort=${SORTING_OPTIONS.TIMESTAMP_DESC}`); }); }); @@ -230,7 +230,7 @@ describe('buildClient', () => { it('does not set any query param without filters', async () => { await client.fetchTraces(); - expect(getQueryParam()).toBe(`sort=${SORTING_OPTIONS.CREATED_DESC}`); + expect(getQueryParam()).toBe(`sort=${SORTING_OPTIONS.TIMESTAMP_DESC}`); }); it('appends page_token if specified', async () => { @@ -297,7 +297,7 @@ describe('buildClient', () => { }, }); - expect(getQueryParam()).toBe(`sort=${SORTING_OPTIONS.CREATED_DESC}`); + expect(getQueryParam()).toBe(`sort=${SORTING_OPTIONS.TIMESTAMP_DESC}`); }); it('ignores empty filters', async () => { @@ -308,7 +308,7 @@ describe('buildClient', () => { }, }); - expect(getQueryParam()).toBe(`sort=${SORTING_OPTIONS.CREATED_DESC}`); + expect(getQueryParam()).toBe(`sort=${SORTING_OPTIONS.TIMESTAMP_DESC}`); }); it('ignores unsupported operators', async () => { @@ -335,7 +335,7 @@ describe('buildClient', () => { }, }); - expect(getQueryParam()).toBe(`sort=${SORTING_OPTIONS.CREATED_DESC}`); + expect(getQueryParam()).toBe(`sort=${SORTING_OPTIONS.TIMESTAMP_DESC}`); }); }); }); diff --git a/spec/frontend/sidebar/components/lock/__snapshots__/edit_form_spec.js.snap b/spec/frontend/sidebar/components/lock/__snapshots__/edit_form_spec.js.snap index d5bbd3bb3c9..48ba23ac0a1 100644 --- a/spec/frontend/sidebar/components/lock/__snapshots__/edit_form_spec.js.snap +++ b/spec/frontend/sidebar/components/lock/__snapshots__/edit_form_spec.js.snap @@ -9,7 +9,7 @@ exports[`Edit Form Dropdown In issue page when locked the appropriate warning te class="text" > <gl-sprintf-stub - message="Unlock this %{issuableDisplayName}? %{strongStart}Everyone%{strongEnd} will be able to comment." + message="Unlock this discussion? %{strongStart}Everyone%{strongEnd} will be able to comment." /> </p> <edit-form-buttons-stub @@ -28,7 +28,7 @@ exports[`Edit Form Dropdown In issue page when unlocked the appropriate warning class="text" > <gl-sprintf-stub - message="Lock this %{issuableDisplayName}? Only %{strongStart}project members%{strongEnd} will be able to comment." + message="Lock this discussion? Only %{strongStart}project members%{strongEnd} will be able to comment." /> </p> <edit-form-buttons-stub @@ -46,7 +46,7 @@ exports[`Edit Form Dropdown In merge request page when locked the appropriate wa class="text" > <gl-sprintf-stub - message="Unlock this %{issuableDisplayName}? %{strongStart}Everyone%{strongEnd} will be able to comment." + message="Unlock this discussion? %{strongStart}Everyone%{strongEnd} will be able to comment." /> </p> <edit-form-buttons-stub @@ -65,7 +65,7 @@ exports[`Edit Form Dropdown In merge request page when unlocked the appropriate class="text" > <gl-sprintf-stub - message="Lock this %{issuableDisplayName}? Only %{strongStart}project members%{strongEnd} will be able to comment." + message="Lock this discussion? Only %{strongStart}project members%{strongEnd} will be able to comment." /> </p> <edit-form-buttons-stub diff --git a/spec/frontend/sidebar/components/lock/issuable_lock_form_spec.js b/spec/frontend/sidebar/components/lock/issuable_lock_form_spec.js index e1c41fb8b46..69531af6e3a 100644 --- a/spec/frontend/sidebar/components/lock/issuable_lock_form_spec.js +++ b/spec/frontend/sidebar/components/lock/issuable_lock_form_spec.js @@ -176,8 +176,8 @@ describe('IssuableLockForm', () => { it.each` locked | message - ${true} | ${'Merge request locked.'} - ${false} | ${'Merge request unlocked.'} + ${true} | ${'Discussion locked.'} + ${false} | ${'Discussion unlocked.'} `('displays $message when merge request is $locked', async ({ locked, message }) => { initStore(locked); diff --git a/spec/frontend/vue_shared/components/notes/__snapshots__/noteable_warning_spec.js.snap b/spec/frontend/vue_shared/components/notes/__snapshots__/noteable_warning_spec.js.snap index 891b0c95f0e..ad0e260ad70 100644 --- a/spec/frontend/vue_shared/components/notes/__snapshots__/noteable_warning_spec.js.snap +++ b/spec/frontend/vue_shared/components/notes/__snapshots__/noteable_warning_spec.js.snap @@ -2,7 +2,7 @@ exports[`Issue Warning Component when issue is locked but not confidential renders information about locked issue 1`] = ` <span> - This issue is locked. Only project members can comment. + The discussion in this issue is locked. Only project members can comment. <gl-link-stub href="locked-path" target="_blank" @@ -34,12 +34,12 @@ exports[`Issue Warning Component when noteable is locked and confidential render > confidential </gl-link-stub> - and + and its <gl-link-stub href="" target="_blank" > - locked + discussion is locked </gl-link-stub> . </span> diff --git a/spec/frontend/vue_shared/components/notes/noteable_warning_spec.js b/spec/frontend/vue_shared/components/notes/noteable_warning_spec.js index d7fcb9a25d4..d73356e00da 100644 --- a/spec/frontend/vue_shared/components/notes/noteable_warning_spec.js +++ b/spec/frontend/vue_shared/components/notes/noteable_warning_spec.js @@ -126,12 +126,14 @@ describe('Issue Warning Component', () => { }); it('renders confidential & locked messages with noteable "issue"', () => { - expect(findLockedBlock(wrapperLocked).text()).toContain('This issue is locked.'); + expect(findLockedBlock(wrapperLocked).text()).toContain( + 'The discussion in this issue is locked.', + ); expect(findConfidentialBlock(wrapperConfidential).text()).toContain( 'This is a confidential issue.', ); expect(findLockedAndConfidentialBlock(wrapperLockedAndConfidential).text()).toContain( - 'This issue is confidential and locked.', + 'This issue is confidential and its discussion is locked.', ); }); @@ -147,7 +149,9 @@ describe('Issue Warning Component', () => { }); await nextTick(); - expect(findLockedBlock(wrapperLocked).text()).toContain('This epic is locked.'); + expect(findLockedBlock(wrapperLocked).text()).toContain( + 'The discussion in this epic is locked.', + ); await nextTick(); expect(findConfidentialBlock(wrapperConfidential).text()).toContain( @@ -156,7 +160,7 @@ describe('Issue Warning Component', () => { await nextTick(); expect(findLockedAndConfidentialBlock(wrapperLockedAndConfidential).text()).toContain( - 'This epic is confidential and locked.', + 'This epic is confidential and its discussion is locked.', ); }); @@ -172,7 +176,9 @@ describe('Issue Warning Component', () => { }); await nextTick(); - expect(findLockedBlock(wrapperLocked).text()).toContain('This merge request is locked.'); + expect(findLockedBlock(wrapperLocked).text()).toContain( + 'The discussion in this merge request is locked.', + ); await nextTick(); expect(findConfidentialBlock(wrapperConfidential).text()).toContain( @@ -181,7 +187,7 @@ describe('Issue Warning Component', () => { await nextTick(); expect(findLockedAndConfidentialBlock(wrapperLockedAndConfidential).text()).toContain( - 'This merge request is confidential and locked.', + 'This merge request is confidential and its discussion is locked.', ); }); }); diff --git a/spec/helpers/issuables_helper_spec.rb b/spec/helpers/issuables_helper_spec.rb index 0faea5629e8..6abce4c5983 100644 --- a/spec/helpers/issuables_helper_spec.rb +++ b/spec/helpers/issuables_helper_spec.rb @@ -109,10 +109,14 @@ RSpec.describe IssuablesHelper, feature_category: :team_planning do allow(helper).to receive(:current_user).and_return(user) end - context 'when assigned issues count is over 100' do - let_it_be(:issues) { create_list(:issue, 101, project: project, assignees: [user]) } + context 'when assigned issues count is over MAX_LIMIT_FOR_ASSIGNEED_ISSUES_COUNT' do + before do + stub_const('User::MAX_LIMIT_FOR_ASSIGNEED_ISSUES_COUNT', 2) + end + + let_it_be(:issues) { create_list(:issue, 3, project: project, assignees: [user]) } - it { is_expected.to eq 100 } + it { is_expected.to eq 2 } end end end @@ -127,10 +131,14 @@ RSpec.describe IssuablesHelper, feature_category: :team_planning do allow(helper).to receive(:current_user).and_return(user) end - context 'when assigned issues count is over 99' do - let_it_be(:issues) { create_list(:issue, 100, project: project, assignees: [user]) } + context 'when assigned issues count is over MAX_LIMIT_FOR_ASSIGNEED_ISSUES_COUNT' do + before do + stub_const('User::MAX_LIMIT_FOR_ASSIGNEED_ISSUES_COUNT', 2) + end + + let_it_be(:issues) { create_list(:issue, 3, project: project, assignees: [user]) } - it { is_expected.to eq '99+' } + it { is_expected.to eq '1+' } end end diff --git a/spec/helpers/projects/pipeline_helper_spec.rb b/spec/helpers/projects/pipeline_helper_spec.rb index 16c9b8a85ec..7e117fe0cce 100644 --- a/spec/helpers/projects/pipeline_helper_spec.rb +++ b/spec/helpers/projects/pipeline_helper_spec.rb @@ -54,6 +54,7 @@ RSpec.describe Projects::PipelineHelper do failure_reason: pipeline.failure_reason, triggered_by_path: '', schedule: pipeline.schedule?.to_s, + trigger: pipeline.trigger?.to_s, child: pipeline.child?.to_s, latest: pipeline.latest?.to_s, merge_train_pipeline: pipeline.merge_train_pipeline?.to_s, diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 042dbb09436..cb7884b141e 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -1110,103 +1110,53 @@ RSpec.describe GroupPolicy, feature_category: :system_access do it { is_expected.to be_allowed(:admin_dependency_proxy) } end - shared_examples 'disallows all dependency proxy access' do - it { is_expected.to be_disallowed(:read_dependency_proxy) } - it { is_expected.to be_disallowed(:admin_dependency_proxy) } - end - - shared_examples 'allows dependency proxy read access but not admin' do - it { is_expected.to be_allowed(:read_dependency_proxy) } - it { is_expected.to be_disallowed(:admin_dependency_proxy) } - end - context 'feature disabled' do let(:current_user) { owner } - before do - stub_config(dependency_proxy: { enabled: false }) - end - - it_behaves_like 'disallows all dependency proxy access' + it { is_expected.to be_disallowed(:read_dependency_proxy) } + it { is_expected.to be_disallowed(:admin_dependency_proxy) } end context 'feature enabled' do before do - stub_config(dependency_proxy: { enabled: true }, registry: { enabled: true }) + stub_config(dependency_proxy: { enabled: true }) end - context 'human user' do - context 'reporter' do - let(:current_user) { reporter } - - it_behaves_like 'allows dependency proxy read access but not admin' - end - - context 'developer' do - let(:current_user) { developer } - - it_behaves_like 'allows dependency proxy read access but not admin' - end - - context 'maintainer' do - let(:current_user) { maintainer } - - it_behaves_like 'allows dependency proxy read access but not admin' - it_behaves_like 'disabling admin_package feature flag' - end - - context 'owner' do - let(:current_user) { owner } - - it { is_expected.to be_allowed(:read_dependency_proxy) } - it { is_expected.to be_allowed(:admin_dependency_proxy) } + context 'reporter' do + let(:current_user) { reporter } - it_behaves_like 'disabling admin_package feature flag' - end + it { is_expected.to be_allowed(:read_dependency_proxy) } + it { is_expected.to be_disallowed(:admin_dependency_proxy) } end - context 'deploy token user' do - let!(:group_deploy_token) do - create(:group_deploy_token, group: group, deploy_token: deploy_token) - end - - subject { described_class.new(deploy_token, group) } + context 'developer' do + let(:current_user) { developer } - context 'with insufficient scopes' do - let_it_be(:deploy_token) { create(:deploy_token, :group) } + it { is_expected.to be_allowed(:read_dependency_proxy) } + it { is_expected.to be_disallowed(:admin_dependency_proxy) } + end - it_behaves_like 'disallows all dependency proxy access' - end + context 'maintainer' do + let(:current_user) { maintainer } - context 'with sufficient scopes' do - let_it_be(:deploy_token) { create(:deploy_token, :group, :dependency_proxy_scopes) } + it { is_expected.to be_allowed(:read_dependency_proxy) } + it { is_expected.to be_disallowed(:admin_dependency_proxy) } - it_behaves_like 'allows dependency proxy read access but not admin' - end + it_behaves_like 'disabling admin_package feature flag' end - context 'group access token user' do - let_it_be(:bot_user) { create(:user, :project_bot) } - let_it_be(:token) { create(:personal_access_token, user: bot_user, scopes: [Gitlab::Auth::READ_API_SCOPE]) } - - subject { described_class.new(bot_user, group) } - - context 'not a member of the group' do - it_behaves_like 'disallows all dependency proxy access' - end + context 'owner' do + let(:current_user) { owner } - context 'a member of the group' do - before do - group.add_guest(bot_user) - end + it { is_expected.to be_allowed(:read_dependency_proxy) } + it { is_expected.to be_allowed(:admin_dependency_proxy) } - it_behaves_like 'allows dependency proxy read access but not admin' - end + it_behaves_like 'disabling admin_package feature flag' end end end - context 'deploy token user' do + context 'deploy token access' do let!(:group_deploy_token) do create(:group_deploy_token, group: group, deploy_token: deploy_token) end @@ -1229,6 +1179,17 @@ RSpec.describe GroupPolicy, feature_category: :system_access do it { is_expected.to be_allowed(:read_group) } it { is_expected.to be_disallowed(:destroy_package) } end + + context 'a deploy token with dependency proxy scopes' do + let_it_be(:deploy_token) { create(:deploy_token, :group, :dependency_proxy_scopes) } + + before do + stub_config(dependency_proxy: { enabled: true }) + end + + it { is_expected.to be_allowed(:read_dependency_proxy) } + it { is_expected.to be_disallowed(:admin_dependency_proxy) } + end end it_behaves_like 'Self-managed Core resource access tokens' diff --git a/spec/requests/api/graphql/mutations/admin/sidekiq_queues/delete_jobs_spec.rb b/spec/requests/api/graphql/mutations/admin/sidekiq_queues/delete_jobs_spec.rb index b3d25155a6f..316b0f3755d 100644 --- a/spec/requests/api/graphql/mutations/admin/sidekiq_queues/delete_jobs_spec.rb +++ b/spec/requests/api/graphql/mutations/admin/sidekiq_queues/delete_jobs_spec.rb @@ -20,7 +20,7 @@ RSpec.describe 'Deleting Sidekiq jobs', :clean_gitlab_redis_queues, feature_cate let(:current_user) { create(:user) } it_behaves_like 'a mutation that returns top-level errors', - errors: ['You must be an admin to use this mutation'] + errors: ['You must be an admin to use this mutation'] end context 'when the user is an admin' do @@ -51,9 +51,7 @@ RSpec.describe 'Deleting Sidekiq jobs', :clean_gitlab_redis_queues, feature_cate post_graphql_mutation(mutation, current_user: admin) expect(mutation_response['errors']).to be_empty - expect(mutation_response['result']).to eq('completed' => true, - 'deletedJobs' => 2, - 'queueSize' => 1) + expect(mutation_response['result']).to eq('completed' => true, 'deletedJobs' => 2, 'queueSize' => 1) end end @@ -61,14 +59,14 @@ RSpec.describe 'Deleting Sidekiq jobs', :clean_gitlab_redis_queues, feature_cate let(:variables) { { queue_name: queue } } it_behaves_like 'a mutation that returns errors in the response', - errors: ['No metadata provided'] + errors: ['No metadata provided'] end context 'when the queue does not exist' do let(:variables) { { user: admin.username, queue_name: 'authorized_projects_2' } } it_behaves_like 'a mutation that returns top-level errors', - errors: ['Queue authorized_projects_2 not found'] + errors: ['Queue authorized_projects_2 not found'] end end end diff --git a/spec/requests/api/graphql/mutations/alert_management/alerts/create_alert_issue_spec.rb b/spec/requests/api/graphql/mutations/alert_management/alerts/create_alert_issue_spec.rb index fbe6d95dfff..f2b516783e5 100644 --- a/spec/requests/api/graphql/mutations/alert_management/alerts/create_alert_issue_spec.rb +++ b/spec/requests/api/graphql/mutations/alert_management/alerts/create_alert_issue_spec.rb @@ -14,21 +14,23 @@ RSpec.describe 'Create an alert issue from an alert', feature_category: :inciden project_path: project.full_path, iid: alert.iid.to_s } - graphql_mutation(:create_alert_issue, variables, - <<~QL - clientMutationId - errors - alert { - iid - issue { - iid - } - } - issue { - iid - title - } - QL + graphql_mutation( + :create_alert_issue, + variables, + <<~QL + clientMutationId + errors + alert { + iid + issue { + iid + } + } + issue { + iid + title + } + QL ) end diff --git a/spec/requests/api/graphql/mutations/boards/issues/issue_move_list_spec.rb b/spec/requests/api/graphql/mutations/boards/issues/issue_move_list_spec.rb index df64caa1cfb..8e71d77f7bc 100644 --- a/spec/requests/api/graphql/mutations/boards/issues/issue_move_list_spec.rb +++ b/spec/requests/api/graphql/mutations/boards/issues/issue_move_list_spec.rb @@ -131,22 +131,24 @@ RSpec.describe 'Reposition and move issue within board lists', feature_category: end def mutation(additional_params = {}) - graphql_mutation(mutation_name, issue_move_params.merge(additional_params), - <<-QL.strip_heredoc - clientMutationId - issue { - iid, - relativePosition - labels { - edges { - node{ - title - } - } - } - } - errors - QL + graphql_mutation( + mutation_name, + issue_move_params.merge(additional_params), + <<-QL.strip_heredoc + clientMutationId + issue { + iid, + relativePosition + labels { + edges { + node{ + title + } + } + } + } + errors + QL ) end end diff --git a/spec/requests/api/graphql/mutations/ci/pipeline_retry_spec.rb b/spec/requests/api/graphql/mutations/ci/pipeline_retry_spec.rb index e7edc86bea0..70b154946ef 100644 --- a/spec/requests/api/graphql/mutations/ci/pipeline_retry_spec.rb +++ b/spec/requests/api/graphql/mutations/ci/pipeline_retry_spec.rb @@ -13,13 +13,15 @@ RSpec.describe 'PipelineRetry', feature_category: :continuous_integration do variables = { id: pipeline.to_global_id.to_s } - graphql_mutation(:pipeline_retry, variables, - <<-QL - errors - pipeline { - id - } - QL + graphql_mutation( + :pipeline_retry, + variables, + <<-QL + errors + pipeline { + id + } + QL ) end diff --git a/spec/requests/api/graphql/mutations/clusters/agent_tokens/agent_tokens/create_spec.rb b/spec/requests/api/graphql/mutations/clusters/agent_tokens/agent_tokens/create_spec.rb index ef0d44395bf..dd4b015409b 100644 --- a/spec/requests/api/graphql/mutations/clusters/agent_tokens/agent_tokens/create_spec.rb +++ b/spec/requests/api/graphql/mutations/clusters/agent_tokens/agent_tokens/create_spec.rb @@ -23,8 +23,8 @@ RSpec.describe 'Create a new cluster agent token', feature_category: :deployment context 'without user permissions' do it_behaves_like 'a mutation that returns top-level errors', - errors: ["The resource that you are attempting to access does not exist "\ - "or you don't have permission to perform this action"] + errors: ["The resource that you are attempting to access does not exist "\ + "or you don't have permission to perform this action"] it 'does not create a token' do expect { post_graphql_mutation(mutation, current_user: current_user) }.not_to change(Clusters::AgentToken, :count) diff --git a/spec/requests/api/graphql/mutations/clusters/agents/delete_spec.rb b/spec/requests/api/graphql/mutations/clusters/agents/delete_spec.rb index b70a6282a7a..a2a093d63e6 100644 --- a/spec/requests/api/graphql/mutations/clusters/agents/delete_spec.rb +++ b/spec/requests/api/graphql/mutations/clusters/agents/delete_spec.rb @@ -22,8 +22,8 @@ RSpec.describe 'Delete a cluster agent', feature_category: :deployment_managemen context 'without project permissions' do it_behaves_like 'a mutation that returns top-level errors', - errors: ['The resource that you are attempting to access does not exist '\ - 'or you don\'t have permission to perform this action'] + errors: ['The resource that you are attempting to access does not exist '\ + 'or you don\'t have permission to perform this action'] it 'does not delete cluster agent' do expect { cluster_agent.reload }.not_to raise_error diff --git a/spec/requests/api/graphql/mutations/merge_requests/reviewer_rereview_spec.rb b/spec/requests/api/graphql/mutations/merge_requests/reviewer_rereview_spec.rb index 7a1b3982111..ec82941b094 100644 --- a/spec/requests/api/graphql/mutations/merge_requests/reviewer_rereview_spec.rb +++ b/spec/requests/api/graphql/mutations/merge_requests/reviewer_rereview_spec.rb @@ -16,11 +16,13 @@ RSpec.describe 'Setting assignees of a merge request', feature_category: :code_r project_path: project.full_path, iid: merge_request.iid.to_s } - graphql_mutation(:merge_request_reviewer_rereview, variables.merge(input), - <<-QL.strip_heredoc - clientMutationId - errors - QL + graphql_mutation( + :merge_request_reviewer_rereview, + variables.merge(input), + <<-QL.strip_heredoc + clientMutationId + errors + QL ) end diff --git a/spec/requests/api/graphql/mutations/merge_requests/set_assignees_spec.rb b/spec/requests/api/graphql/mutations/merge_requests/set_assignees_spec.rb index 4a7d1083f2e..cb7bac771b3 100644 --- a/spec/requests/api/graphql/mutations/merge_requests/set_assignees_spec.rb +++ b/spec/requests/api/graphql/mutations/merge_requests/set_assignees_spec.rb @@ -21,19 +21,21 @@ RSpec.describe 'Setting assignees of a merge request', :assume_throttled, featur project_path: project.full_path, iid: merge_request.iid.to_s } - graphql_mutation(:merge_request_set_assignees, variables.merge(input), - <<-QL.strip_heredoc - clientMutationId - errors - mergeRequest { - id - assignees { - nodes { - username - } - } - } - QL + graphql_mutation( + :merge_request_set_assignees, + variables.merge(input), + <<-QL.strip_heredoc + clientMutationId + errors + mergeRequest { + id + assignees { + nodes { + username + } + } + } + QL ) end diff --git a/spec/requests/api/graphql/mutations/merge_requests/set_draft_spec.rb b/spec/requests/api/graphql/mutations/merge_requests/set_draft_spec.rb index 0c2e2975350..a2c5c235d25 100644 --- a/spec/requests/api/graphql/mutations/merge_requests/set_draft_spec.rb +++ b/spec/requests/api/graphql/mutations/merge_requests/set_draft_spec.rb @@ -15,15 +15,17 @@ RSpec.describe 'Setting Draft status of a merge request', feature_category: :cod project_path: project.full_path, iid: merge_request.iid.to_s } - graphql_mutation(:merge_request_set_draft, variables.merge(input), - <<-QL.strip_heredoc - clientMutationId - errors - mergeRequest { - id - title - } - QL + graphql_mutation( + :merge_request_set_draft, + variables.merge(input), + <<-QL.strip_heredoc + clientMutationId + errors + mergeRequest { + id + title + } + QL ) end diff --git a/spec/requests/api/graphql/mutations/merge_requests/set_labels_spec.rb b/spec/requests/api/graphql/mutations/merge_requests/set_labels_spec.rb index e40a3cf7ce9..4ddd10b1734 100644 --- a/spec/requests/api/graphql/mutations/merge_requests/set_labels_spec.rb +++ b/spec/requests/api/graphql/mutations/merge_requests/set_labels_spec.rb @@ -17,19 +17,21 @@ RSpec.describe 'Setting labels of a merge request' do project_path: project.full_path, iid: merge_request.iid.to_s } - graphql_mutation(:merge_request_set_labels, variables.merge(input), - <<-QL.strip_heredoc - clientMutationId - errors - mergeRequest { - id - labels { - nodes { - id - } - } - } - QL + graphql_mutation( + :merge_request_set_labels, + variables.merge(input), + <<-QL.strip_heredoc + clientMutationId + errors + mergeRequest { + id + labels { + nodes { + id + } + } + } + QL ) end diff --git a/spec/requests/api/graphql/mutations/merge_requests/set_locked_spec.rb b/spec/requests/api/graphql/mutations/merge_requests/set_locked_spec.rb index 73a38adf723..a6ddb9beb5c 100644 --- a/spec/requests/api/graphql/mutations/merge_requests/set_locked_spec.rb +++ b/spec/requests/api/graphql/mutations/merge_requests/set_locked_spec.rb @@ -15,15 +15,17 @@ RSpec.describe 'Setting locked status of a merge request', feature_category: :co project_path: project.full_path, iid: merge_request.iid.to_s } - graphql_mutation(:merge_request_set_locked, variables.merge(input), - <<-QL.strip_heredoc - clientMutationId - errors - mergeRequest { - id - discussionLocked - } - QL + graphql_mutation( + :merge_request_set_locked, + variables.merge(input), + <<-QL.strip_heredoc + clientMutationId + errors + mergeRequest { + id + discussionLocked + } + QL ) end diff --git a/spec/requests/api/graphql/mutations/merge_requests/set_milestone_spec.rb b/spec/requests/api/graphql/mutations/merge_requests/set_milestone_spec.rb index 1898ee5a62d..9debfbd474b 100644 --- a/spec/requests/api/graphql/mutations/merge_requests/set_milestone_spec.rb +++ b/spec/requests/api/graphql/mutations/merge_requests/set_milestone_spec.rb @@ -16,17 +16,19 @@ RSpec.describe 'Setting milestone of a merge request', feature_category: :code_r project_path: project.full_path, iid: merge_request.iid.to_s } - graphql_mutation(:merge_request_set_milestone, variables.merge(input), - <<-QL.strip_heredoc - clientMutationId - errors - mergeRequest { - id - milestone { - id - } - } - QL + graphql_mutation( + :merge_request_set_milestone, + variables.merge(input), + <<-QL.strip_heredoc + clientMutationId + errors + mergeRequest { + id + milestone { + id + } + } + QL ) end diff --git a/spec/requests/api/graphql/mutations/merge_requests/set_reviewers_spec.rb b/spec/requests/api/graphql/mutations/merge_requests/set_reviewers_spec.rb index fd87112be33..c9efba689c2 100644 --- a/spec/requests/api/graphql/mutations/merge_requests/set_reviewers_spec.rb +++ b/spec/requests/api/graphql/mutations/merge_requests/set_reviewers_spec.rb @@ -21,19 +21,21 @@ RSpec.describe 'Setting reviewers of a merge request', :assume_throttled, featur project_path: project.full_path, iid: merge_request.iid.to_s } - graphql_mutation(:merge_request_set_reviewers, variables.merge(input), - <<-QL.strip_heredoc - clientMutationId - errors - mergeRequest { - id - reviewers { - nodes { - username - } - } - } - QL + graphql_mutation( + :merge_request_set_reviewers, + variables.merge(input), + <<-QL.strip_heredoc + clientMutationId + errors + mergeRequest { + id + reviewers { + nodes { + username + } + } + } + QL ) end diff --git a/spec/requests/jwt_controller_spec.rb b/spec/requests/jwt_controller_spec.rb index 0ac059b5ed3..966cc2d6d4e 100644 --- a/spec/requests/jwt_controller_spec.rb +++ b/spec/requests/jwt_controller_spec.rb @@ -92,7 +92,7 @@ RSpec.describe JwtController, feature_category: :system_access do context 'project with enabled CI' do subject! { get '/jwt/auth', params: parameters, headers: headers } - it { expect(service_class).to have_received(:new).with(project, user, ActionController::Parameters.new(parameters.merge(auth_type: :build, raw_token: build.token)).permit!) } + it { expect(service_class).to have_received(:new).with(project, user, ActionController::Parameters.new(parameters.merge(auth_type: :build)).permit!) } it_behaves_like 'user logging' end @@ -119,7 +119,7 @@ RSpec.describe JwtController, feature_category: :system_access do .with( nil, nil, - ActionController::Parameters.new(parameters.merge(deploy_token: deploy_token, auth_type: :deploy_token, raw_token: deploy_token.token)).permit! + ActionController::Parameters.new(parameters.merge(deploy_token: deploy_token, auth_type: :deploy_token)).permit! ) end @@ -144,7 +144,7 @@ RSpec.describe JwtController, feature_category: :system_access do .with( nil, user, - ActionController::Parameters.new(parameters.merge(auth_type: :personal_access_token, raw_token: pat.token)).permit! + ActionController::Parameters.new(parameters.merge(auth_type: :personal_access_token)).permit! ) end @@ -160,7 +160,7 @@ RSpec.describe JwtController, feature_category: :system_access do subject! { get '/jwt/auth', params: parameters, headers: headers } - it { expect(service_class).to have_received(:new).with(nil, user, ActionController::Parameters.new(parameters.merge(auth_type: :gitlab_or_ldap, raw_token: user.password)).permit!) } + it { expect(service_class).to have_received(:new).with(nil, user, ActionController::Parameters.new(parameters.merge(auth_type: :gitlab_or_ldap)).permit!) } it_behaves_like 'rejecting a blocked user' @@ -180,7 +180,7 @@ RSpec.describe JwtController, feature_category: :system_access do ActionController::Parameters.new({ service: service_name, scopes: %w[scope1 scope2] }).permit! end - it { expect(service_class).to have_received(:new).with(nil, user, service_parameters.merge(auth_type: :gitlab_or_ldap, raw_token: user.password)) } + it { expect(service_class).to have_received(:new).with(nil, user, service_parameters.merge(auth_type: :gitlab_or_ldap)) } it_behaves_like 'user logging' end @@ -197,7 +197,7 @@ RSpec.describe JwtController, feature_category: :system_access do ActionController::Parameters.new({ service: service_name, scopes: %w[scope1 scope2] }).permit! end - it { expect(service_class).to have_received(:new).with(nil, user, service_parameters.merge(auth_type: :gitlab_or_ldap, raw_token: user.password)) } + it { expect(service_class).to have_received(:new).with(nil, user, service_parameters.merge(auth_type: :gitlab_or_ldap)) } end context 'when user has 2FA enabled' do diff --git a/spec/services/auth/dependency_proxy_authentication_service_spec.rb b/spec/services/auth/dependency_proxy_authentication_service_spec.rb index 04f7e46daa6..3ef9c8fc96e 100644 --- a/spec/services/auth/dependency_proxy_authentication_service_spec.rb +++ b/spec/services/auth/dependency_proxy_authentication_service_spec.rb @@ -4,17 +4,15 @@ require 'spec_helper' RSpec.describe Auth::DependencyProxyAuthenticationService, feature_category: :dependency_proxy do let_it_be(:user) { create(:user) } - let_it_be(:params) { {} } - let_it_be(:authentication_abilities) { nil } - let(:service) { described_class.new(nil, user, params) } + let(:service) { described_class.new(nil, user) } before do - stub_config(dependency_proxy: { enabled: true }, registry: { enabled: true }) + stub_config(dependency_proxy: { enabled: true }) end describe '#execute' do - subject { service.execute(authentication_abilities: authentication_abilities) } + subject { service.execute(authentication_abilities: nil) } shared_examples 'returning' do |status:, message:| it "returns #{message}", :aggregate_failures do @@ -23,23 +21,9 @@ RSpec.describe Auth::DependencyProxyAuthenticationService, feature_category: :de end end - shared_examples 'returning a token with encoded user_id' do - it 'returns a token with encoded user_id' do - token = subject[:token] - expect(token).not_to be_nil - - decoded_token = decode(token) - expect(decoded_token['user_id']).not_to be_nil - end - end - - shared_examples 'returning a token with encoded deploy_token' do - it 'returns a token with encoded deploy_token' do - token = subject[:token] - expect(token).not_to be_nil - - decoded_token = decode(token) - expect(decoded_token['deploy_token']).not_to be_nil + shared_examples 'returning a token' do + it 'returns a token' do + expect(subject[:token]).not_to be_nil end end @@ -57,53 +41,14 @@ RSpec.describe Auth::DependencyProxyAuthenticationService, feature_category: :de it_behaves_like 'returning', status: 403, message: 'access forbidden' end - context 'with a deploy token' do - let_it_be(:deploy_token) { create(:deploy_token, :group, :dependency_proxy_scopes) } - let_it_be(:params) { { deploy_token: deploy_token } } - - it_behaves_like 'returning a token with encoded deploy_token' - end - - context 'with a human user' do - it_behaves_like 'returning a token with encoded user_id' - end - - context 'with a group access token' do - let_it_be(:user) { create(:user, :project_bot) } - let_it_be_with_reload(:token) { create(:personal_access_token, user: user) } + context 'with a deploy token as user' do + let_it_be(:user) { create(:deploy_token, :group, :dependency_proxy_scopes) } - context 'with insufficient authentication abilities' do - it_behaves_like 'returning', status: 403, message: 'access forbidden' - end - - context 'with sufficient authentication abilities' do - let_it_be(:authentication_abilities) { Auth::DependencyProxyAuthenticationService::REQUIRED_ABILITIES } - let_it_be(:params) { { raw_token: token.token } } - - subject { service.execute(authentication_abilities: authentication_abilities) } - - it_behaves_like 'returning a token with encoded user_id' - - context 'revoked' do - before do - token.revoke! - end - - it_behaves_like 'returning', status: 403, message: 'access forbidden' - end - - context 'expired' do - before do - token.update_column(:expires_at, 1.day.ago) - end - - it_behaves_like 'returning', status: 403, message: 'access forbidden' - end - end + it_behaves_like 'returning a token' end - def decode(token) - DependencyProxy::AuthTokenService.new(token).execute + context 'with a user' do + it_behaves_like 'returning a token' end end end diff --git a/spec/services/issuable/common_system_notes_service_spec.rb b/spec/services/issuable/common_system_notes_service_spec.rb index 9306aeaac44..3d83c9ec9c2 100644 --- a/spec/services/issuable/common_system_notes_service_spec.rb +++ b/spec/services/issuable/common_system_notes_service_spec.rb @@ -42,7 +42,7 @@ RSpec.describe Issuable::CommonSystemNotesService, feature_category: :team_plann context 'on issuable update' do it_behaves_like 'system note creation', { title: 'New title' }, 'changed title' it_behaves_like 'system note creation', { description: 'New description' }, 'changed the description' - it_behaves_like 'system note creation', { discussion_locked: true }, 'locked this issue' + it_behaves_like 'system note creation', { discussion_locked: true }, 'locked the discussion in this issue' it_behaves_like 'system note creation', { time_estimate: 5 }, 'changed time estimate' context 'when new label is added' do diff --git a/spec/services/issues/update_service_spec.rb b/spec/services/issues/update_service_spec.rb index c4ad4039b45..0cb13bfb917 100644 --- a/spec/services/issues/update_service_spec.rb +++ b/spec/services/issues/update_service_spec.rb @@ -491,9 +491,9 @@ RSpec.describe Issues::UpdateService, :mailer, feature_category: :team_planning end it 'creates system note about discussion lock' do - note = find_note('locked this issue') + note = find_note('locked the discussion in this issue') - expect(note.note).to eq 'locked this issue' + expect(note.note).to eq 'locked the discussion in this issue' end end diff --git a/spec/services/merge_requests/update_service_spec.rb b/spec/services/merge_requests/update_service_spec.rb index f5494f429c3..53dd4263770 100644 --- a/spec/services/merge_requests/update_service_spec.rb +++ b/spec/services/merge_requests/update_service_spec.rb @@ -351,10 +351,10 @@ RSpec.describe MergeRequests::UpdateService, :mailer, feature_category: :code_re end it 'creates system note about discussion lock' do - note = find_note('locked this merge request') + note = find_note('locked the discussion in this merge request') expect(note).not_to be_nil - expect(note.note).to eq 'locked this merge request' + expect(note.note).to eq 'locked the discussion in this merge request' end context 'when current user cannot admin issues in the project' do diff --git a/spec/services/system_notes/issuables_service_spec.rb b/spec/services/system_notes/issuables_service_spec.rb index bcca1ed0b23..ca6feb6fde2 100644 --- a/spec/services/system_notes/issuables_service_spec.rb +++ b/spec/services/system_notes/issuables_service_spec.rb @@ -784,7 +784,7 @@ RSpec.describe ::SystemNotes::IssuablesService, feature_category: :team_planning service = described_class.new(noteable: issuable, author: author) expect(service.discussion_lock.note) - .to eq("unlocked this #{type.to_s.titleize.downcase}") + .to eq("unlocked the discussion in this #{type.to_s.titleize.downcase}") end end end @@ -804,7 +804,7 @@ RSpec.describe ::SystemNotes::IssuablesService, feature_category: :team_planning service = described_class.new(noteable: issuable, author: author) expect(service.discussion_lock.note) - .to eq("locked this #{type.to_s.titleize.downcase}") + .to eq("locked the discussion in this #{type.to_s.titleize.downcase}") end end end diff --git a/spec/views/projects/pages/new.html.haml_spec.rb b/spec/views/projects/pages/new.html.haml_spec.rb index 919b2fe84ee..d7295d60c51 100644 --- a/spec/views/projects/pages/new.html.haml_spec.rb +++ b/spec/views/projects/pages/new.html.haml_spec.rb @@ -13,30 +13,8 @@ RSpec.describe 'projects/pages/new' do allow(view).to receive(:current_user).and_return(user) end - describe 'with onboarding wizard feature enabled' do - before do - Feature.enable(:use_pipeline_wizard_for_pages) - end - - it "shows the onboarding wizard" do - render - expect(rendered).to have_selector('#js-pages') - end - end - - describe 'with onboarding wizard feature disabled' do - before do - Feature.disable(:use_pipeline_wizard_for_pages) - end - - it "does not show the onboarding wizard" do - render - expect(rendered).not_to have_selector('#js-pages') - end - - it "renders the usage instructions" do - render - expect(rendered).to render_template('projects/pages/_use') - end + it "shows the onboarding wizard" do + render + expect(rendered).to have_selector('#js-pages') end end |