diff options
99 files changed, 2407 insertions, 895 deletions
diff --git a/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml b/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml index 8937ee44638..0dabc282b50 100644 --- a/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml +++ b/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml @@ -134,7 +134,11 @@ gdk-qa-smoke-with-load-balancer: variables: QA_SCENARIO: Test::Instance::Smoke QA_RUN_TYPE: gdk-qa-smoke - allow_failure: true + artifacts: + paths: + - log + expire_in: 7 days + when: always rules: - changes: - ".gitlab/ci/test-on-gdk/**" @@ -147,7 +151,6 @@ gdk-qa-reliable: variables: QA_SCENARIO: Test::Instance::Blocking QA_RUN_TYPE: gdk-qa-blocking - allow_failure: true rules: - when: always @@ -159,7 +162,11 @@ gdk-qa-reliable-with-load-balancer: variables: QA_SCENARIO: Test::Instance::Blocking QA_RUN_TYPE: gdk-qa-blocking - allow_failure: true + artifacts: + paths: + - log + expire_in: 7 days + when: always rules: - changes: - ".gitlab/ci/test-on-gdk/**" @@ -172,7 +179,6 @@ gdk-qa-non-blocking: variables: QA_SCENARIO: Test::Instance::NonBlocking QA_RUN_TYPE: gdk-qa-non-blocking - allow_failure: true rules: - when: manual diff --git a/app/assets/javascripts/admin/users/components/users_table.vue b/app/assets/javascripts/admin/users/components/users_table.vue index 2d2c598f953..65737be1e67 100644 --- a/app/assets/javascripts/admin/users/components/users_table.vue +++ b/app/assets/javascripts/admin/users/components/users_table.vue @@ -109,7 +109,7 @@ export default { :empty-text="s__('AdminUsers|No users found')" show-empty stacked="md" - :tbody-tr-attr="{ 'data-qa-selector': 'user_row_content' }" + :tbody-tr-attr="{ 'data-testid': 'user-row-content' }" > <template #cell(name)="{ item: user }"> <user-avatar :user="user" :admin-user-path="paths.adminUser" /> diff --git a/app/assets/javascripts/behaviors/preview_markdown.js b/app/assets/javascripts/behaviors/preview_markdown.js index 6b50abe7014..ce77ede9fe4 100644 --- a/app/assets/javascripts/behaviors/preview_markdown.js +++ b/app/assets/javascripts/behaviors/preview_markdown.js @@ -4,7 +4,6 @@ import $ from 'jquery'; import { renderGFM } from '~/behaviors/markdown/render_gfm'; import { createAlert } from '~/alert'; import axios from '~/lib/utils/axios_utils'; -import { addMarkdownListeners, removeMarkdownListeners } from '~/lib/utils/text_markdown'; import { __ } from '~/locale'; // MarkdownPreview @@ -129,8 +128,6 @@ $(document).on('markdown-preview:show', (e, $form) => { return; } - removeMarkdownListeners($form); - lastTextareaPreviewed = $form.find('textarea.markdown-area'); lastTextareaHeight = lastTextareaPreviewed.height(); @@ -168,7 +165,6 @@ $(document).on('markdown-preview:hide', (e, $form) => { $form.find('.haml-markdown-button, .js-zen-enter').removeClass('gl-display-none!'); markdownPreview.hideReferencedCommands($form); - addMarkdownListeners($form); }); $(document).on('markdown-preview:toggle', (e, keyboardEvent) => { diff --git a/app/assets/javascripts/content_editor/extensions/copy_paste.js b/app/assets/javascripts/content_editor/extensions/copy_paste.js index 45a89cc08cf..f484ce98e90 100644 --- a/app/assets/javascripts/content_editor/extensions/copy_paste.js +++ b/app/assets/javascripts/content_editor/extensions/copy_paste.js @@ -8,6 +8,7 @@ import { VARIANT_DANGER } from '~/alert'; import createMarkdownDeserializer from '../services/gl_api_markdown_deserializer'; import { ALERT_EVENT, EXTENSION_PRIORITY_HIGHEST } from '../constants'; import CodeBlockHighlight from './code_block_highlight'; +import CodeSuggestion from './code_suggestion'; import Diagram from './diagram'; import Frontmatter from './frontmatter'; @@ -15,7 +16,12 @@ const TEXT_FORMAT = 'text/plain'; const GFM_FORMAT = 'text/x-gfm'; const HTML_FORMAT = 'text/html'; const VS_CODE_FORMAT = 'vscode-editor-data'; -const CODE_BLOCK_NODE_TYPES = [CodeBlockHighlight.name, Diagram.name, Frontmatter.name]; +const CODE_BLOCK_NODE_TYPES = [ + CodeBlockHighlight.name, + CodeSuggestion.name, + Diagram.name, + Frontmatter.name, +]; function parseHTML(schema, html) { const parser = new DOMParser(); diff --git a/app/assets/javascripts/tracking/constants.js b/app/assets/javascripts/tracking/constants.js index 0e440750fdb..d0447fa167c 100644 --- a/app/assets/javascripts/tracking/constants.js +++ b/app/assets/javascripts/tracking/constants.js @@ -19,6 +19,7 @@ export const DEFAULT_SNOWPLOW_OPTIONS = { export const ACTION_ATTR_SELECTOR = '[data-track-action]'; export const LOAD_ACTION_ATTR_SELECTOR = '[data-track-action="render"]'; +export const INTERNAL_EVENTS_SELECTOR = '[data-event-tracking]'; export const URLS_CACHE_STORAGE_KEY = 'gl-snowplow-pseudonymized-urls'; diff --git a/app/assets/javascripts/tracking/index.js b/app/assets/javascripts/tracking/index.js index 6494838abac..7c2cd6fde27 100644 --- a/app/assets/javascripts/tracking/index.js +++ b/app/assets/javascripts/tracking/index.js @@ -69,4 +69,6 @@ export function initDefaultTrackers() { Tracking.bindDocument(); Tracking.trackLoadEvents(); + + InternalEvents.bindInternalEventDocument(); } diff --git a/app/assets/javascripts/tracking/internal_events.js b/app/assets/javascripts/tracking/internal_events.js index 56453373bbf..16cbb3e86e1 100644 --- a/app/assets/javascripts/tracking/internal_events.js +++ b/app/assets/javascripts/tracking/internal_events.js @@ -2,6 +2,8 @@ import API from '~/api'; import Tracking from './tracking'; import { GITLAB_INTERNAL_EVENT_CATEGORY, SERVICE_PING_SCHEMA } from './constants'; +import { Tracker } from './tracker'; +import { InternalEventHandler } from './utils'; const InternalEvents = { /** @@ -33,6 +35,24 @@ const InternalEvents = { }, }; }, + /** + * Attaches event handlers for data-attributes powered events. + * + * @param {HTMLElement} parent - element containing data-attributes + * @returns {Object} handler - object containing name of the event and its corresponding function + */ + bindInternalEventDocument(parent = document) { + if (!Tracker.enabled() || parent.internalEventsTrackingBound) { + return []; + } + + // eslint-disable-next-line no-param-reassign + parent.internalEventsTrackingBound = true; + + const handler = { name: 'click', func: (e) => InternalEventHandler(e, this.track_event) }; + parent.addEventListener(handler.name, handler.func); + return handler; + }, }; export default InternalEvents; diff --git a/app/assets/javascripts/tracking/utils.js b/app/assets/javascripts/tracking/utils.js index cc0d7e7a44a..7cbc0f1843e 100644 --- a/app/assets/javascripts/tracking/utils.js +++ b/app/assets/javascripts/tracking/utils.js @@ -6,6 +6,7 @@ import { LOAD_ACTION_ATTR_SELECTOR, URLS_CACHE_STORAGE_KEY, REFERRER_TTL, + INTERNAL_EVENTS_SELECTOR, } from './constants'; export const addExperimentContext = (opts) => { @@ -69,6 +70,23 @@ export const createEventPayload = (el, { suffix = '' } = {}) => { }; }; +export const createInternalEventPayload = (el) => { + const { eventTracking } = el?.dataset || {}; + + return eventTracking; +}; + +export const InternalEventHandler = (e, func) => { + const el = e.target.closest(INTERNAL_EVENTS_SELECTOR); + + if (!el) { + return; + } + const event = createInternalEventPayload(el); + + func(event); +}; + export const eventHandler = (e, func, opts = {}) => { const actionSelector = `${ACTION_ATTR_SELECTOR}:not(${LOAD_ACTION_ATTR_SELECTOR})`; const el = e.target.closest(actionSelector); diff --git a/app/assets/javascripts/vue_shared/components/markdown/header.vue b/app/assets/javascripts/vue_shared/components/markdown/header.vue index 0c6a9c2fa98..a53d5049752 100644 --- a/app/assets/javascripts/vue_shared/components/markdown/header.vue +++ b/app/assets/javascripts/vue_shared/components/markdown/header.vue @@ -275,215 +275,232 @@ export default { @click="switchPreview" >{{ previewMarkdown ? $options.i18n.hidePreview : $options.i18n.preview }}</gl-button > - <template v-if="!previewMarkdown"> - <template v-if="canSuggest"> - <toolbar-button - ref="suggestButton" - :tag="mdSuggestion" - :prepend="true" - :button-title="__('Insert suggestion')" - :cursor-offset="4" - :tag-content="lineContent" - icon="doc-code" - data-qa-selector="suggestion_button" - class="js-suggestion-btn" - @click="handleSuggestDismissed" - /> - <gl-popover - v-if="suggestPopoverVisible" - :target="$refs.suggestButton.$el" - :css-classes="['diff-suggest-popover']" - placement="bottom" - :show="suggestPopoverVisible" - triggers="" - > - <strong>{{ __('New! Suggest changes directly') }}</strong> - <p class="mb-2"> - {{ - __( - 'Suggest code changes which can be immediately applied in one click. Try it out!', - ) - }} - </p> - <gl-button - variant="confirm" - category="primary" - size="small" - data-qa-selector="dismiss_suggestion_popover_button" - @click="handleSuggestDismissed" - > - {{ __('Got it') }} - </gl-button> - </gl-popover> - </template> - <ai-actions-dropdown - v-if="editorAiActions.length" - :actions="editorAiActions" - @input="insertAIAction" - @replace="replaceTextarea" - /> - <toolbar-button - tag="**" - :button-title=" - /* eslint-disable @gitlab/vue-no-new-non-primitive-in-template */ - sprintf(s__('MarkdownEditor|Add bold text (%{modifierKey}B)'), { - modifierKey, - }) /* eslint-enable @gitlab/vue-no-new-non-primitive-in-template */ - " - :shortcuts="$options.shortcuts.bold" - icon="bold" - /> - <toolbar-button - tag="_" - :button-title=" - /* eslint-disable @gitlab/vue-no-new-non-primitive-in-template */ - sprintf(s__('MarkdownEditor|Add italic text (%{modifierKey}I)'), { - modifierKey, - }) /* eslint-enable @gitlab/vue-no-new-non-primitive-in-template */ - " - :shortcuts="$options.shortcuts.italic" - icon="italic" - /> - <toolbar-button - v-if="!restrictedToolBarItems.includes('strikethrough')" - tag="~~" - :button-title=" - /* eslint-disable @gitlab/vue-no-new-non-primitive-in-template */ - sprintf(s__('MarkdownEditor|Add strikethrough text (%{modifierKey}%{shiftKey}X)'), { - modifierKey, - shiftKey /* eslint-enable @gitlab/vue-no-new-non-primitive-in-template */, - }) - " - :shortcuts="$options.shortcuts.strikethrough" - icon="strikethrough" - /> + <template v-if="!previewMarkdown && canSuggest"> <toolbar-button - v-if="!restrictedToolBarItems.includes('quote')" + ref="suggestButton" + :tag="mdSuggestion" :prepend="true" - :tag="tag" - :button-title="__('Insert a quote')" - icon="quote" - @click="handleQuote" - /> - <toolbar-button tag="`" tag-block="```" :button-title="__('Insert code')" icon="code" /> - <toolbar-button - tag="[{text}](url)" - tag-select="url" - :button-title=" - /* eslint-disable @gitlab/vue-no-new-non-primitive-in-template */ - sprintf(s__('MarkdownEditor|Add a link (%{modifierKey}K)'), { - modifierKey, - }) /* eslint-enable @gitlab/vue-no-new-non-primitive-in-template */ - " - :shortcuts="$options.shortcuts.link" - icon="link" - /> - <toolbar-button - v-if="!restrictedToolBarItems.includes('bullet-list')" - :prepend="true" - tag="- " - :button-title="__('Add a bullet list')" - icon="list-bulleted" - /> - <toolbar-button - v-if="!restrictedToolBarItems.includes('numbered-list')" - :prepend="true" - tag="1. " - :button-title="__('Add a numbered list')" - icon="list-numbered" - /> - <toolbar-button - v-if="!restrictedToolBarItems.includes('task-list')" - :prepend="true" - tag="- [ ] " - :button-title="__('Add a checklist')" - icon="list-task" - /> - <toolbar-button - v-if="!restrictedToolBarItems.includes('indent')" - class="gl-display-none" - :button-title=" - /* eslint-disable @gitlab/vue-no-new-non-primitive-in-template */ - sprintf(s__('MarkdownEditor|Indent line (%{modifierKey}])'), { - modifierKey /* eslint-enable @gitlab/vue-no-new-non-primitive-in-template */, - }) - " - :shortcuts="$options.shortcuts.indent" - command="indentLines" - icon="list-indent" - /> - <toolbar-button - v-if="!restrictedToolBarItems.includes('outdent')" - class="gl-display-none" - :button-title=" - /* eslint-disable @gitlab/vue-no-new-non-primitive-in-template */ - sprintf(s__('MarkdownEditor|Outdent line (%{modifierKey}[)'), { - modifierKey /* eslint-enable @gitlab/vue-no-new-non-primitive-in-template */, - }) - " - :shortcuts="$options.shortcuts.outdent" - command="outdentLines" - icon="list-outdent" - /> - <toolbar-button - v-if="!restrictedToolBarItems.includes('collapsible-section')" - :tag="mdCollapsibleSection" - :prepend="true" - tag-select="Click to expand" - :button-title="__('Add a collapsible section')" - icon="details-block" - /> - <toolbar-button - v-if="!restrictedToolBarItems.includes('table')" - :tag="mdTable" - :prepend="true" - :button-title="__('Add a table')" - icon="table" + :button-title="__('Insert suggestion')" + :cursor-offset="4" + :tag-content="lineContent" + icon="doc-code" + data-qa-selector="suggestion_button" + class="js-suggestion-btn" + @click="handleSuggestDismissed" /> + <gl-popover + v-if="suggestPopoverVisible" + :target="$refs.suggestButton.$el" + :css-classes="['diff-suggest-popover']" + placement="bottom" + :show="suggestPopoverVisible" + triggers="" + > + <strong>{{ __('New! Suggest changes directly') }}</strong> + <p class="mb-2"> + {{ + __( + 'Suggest code changes which can be immediately applied in one click. Try it out!', + ) + }} + </p> + <gl-button + variant="confirm" + category="primary" + size="small" + data-qa-selector="dismiss_suggestion_popover_button" + @click="handleSuggestDismissed" + > + {{ __('Got it') }} + </gl-button> + </gl-popover> + </template> + <ai-actions-dropdown + v-if="!previewMarkdown && editorAiActions.length" + :actions="editorAiActions" + @input="insertAIAction" + @replace="replaceTextarea" + /> + <toolbar-button + v-show="!previewMarkdown" + tag="**" + :button-title=" + /* eslint-disable @gitlab/vue-no-new-non-primitive-in-template */ + sprintf(s__('MarkdownEditor|Add bold text (%{modifierKey}B)'), { + modifierKey, + }) /* eslint-enable @gitlab/vue-no-new-non-primitive-in-template */ + " + :shortcuts="$options.shortcuts.bold" + icon="bold" + /> + <toolbar-button + v-show="!previewMarkdown" + tag="_" + :button-title=" + /* eslint-disable @gitlab/vue-no-new-non-primitive-in-template */ + sprintf(s__('MarkdownEditor|Add italic text (%{modifierKey}I)'), { + modifierKey, + }) /* eslint-enable @gitlab/vue-no-new-non-primitive-in-template */ + " + :shortcuts="$options.shortcuts.italic" + icon="italic" + /> + <toolbar-button + v-if="!restrictedToolBarItems.includes('strikethrough')" + v-show="!previewMarkdown" + tag="~~" + :button-title=" + /* eslint-disable @gitlab/vue-no-new-non-primitive-in-template */ + sprintf(s__('MarkdownEditor|Add strikethrough text (%{modifierKey}%{shiftKey}X)'), { + modifierKey, + shiftKey /* eslint-enable @gitlab/vue-no-new-non-primitive-in-template */, + }) + " + :shortcuts="$options.shortcuts.strikethrough" + icon="strikethrough" + /> + <toolbar-button + v-if="!restrictedToolBarItems.includes('quote')" + v-show="!previewMarkdown" + :prepend="true" + :tag="tag" + :button-title="__('Insert a quote')" + icon="quote" + @click="handleQuote" + /> + <toolbar-button + v-show="!previewMarkdown" + tag="`" + tag-block="```" + :button-title="__('Insert code')" + icon="code" + /> + <toolbar-button + v-show="!previewMarkdown" + tag="[{text}](url)" + tag-select="url" + :button-title=" + /* eslint-disable @gitlab/vue-no-new-non-primitive-in-template */ + sprintf(s__('MarkdownEditor|Add a link (%{modifierKey}K)'), { + modifierKey, + }) /* eslint-enable @gitlab/vue-no-new-non-primitive-in-template */ + " + :shortcuts="$options.shortcuts.link" + icon="link" + /> + <toolbar-button + v-if="!restrictedToolBarItems.includes('bullet-list')" + v-show="!previewMarkdown" + :prepend="true" + tag="- " + :button-title="__('Add a bullet list')" + icon="list-bulleted" + /> + <toolbar-button + v-if="!restrictedToolBarItems.includes('numbered-list')" + v-show="!previewMarkdown" + :prepend="true" + tag="1. " + :button-title="__('Add a numbered list')" + icon="list-numbered" + /> + <toolbar-button + v-if="!restrictedToolBarItems.includes('task-list')" + v-show="!previewMarkdown" + :prepend="true" + tag="- [ ] " + :button-title="__('Add a checklist')" + icon="list-task" + /> + <toolbar-button + v-if="!restrictedToolBarItems.includes('indent')" + v-show="!previewMarkdown" + class="gl-display-none" + :button-title=" + /* eslint-disable @gitlab/vue-no-new-non-primitive-in-template */ + sprintf(s__('MarkdownEditor|Indent line (%{modifierKey}])'), { + modifierKey /* eslint-enable @gitlab/vue-no-new-non-primitive-in-template */, + }) + " + :shortcuts="$options.shortcuts.indent" + command="indentLines" + icon="list-indent" + /> + <toolbar-button + v-if="!restrictedToolBarItems.includes('outdent')" + v-show="!previewMarkdown" + class="gl-display-none" + :button-title=" + /* eslint-disable @gitlab/vue-no-new-non-primitive-in-template */ + sprintf(s__('MarkdownEditor|Outdent line (%{modifierKey}[)'), { + modifierKey /* eslint-enable @gitlab/vue-no-new-non-primitive-in-template */, + }) + " + :shortcuts="$options.shortcuts.outdent" + command="outdentLines" + icon="list-outdent" + /> + <toolbar-button + v-if="!restrictedToolBarItems.includes('collapsible-section')" + v-show="!previewMarkdown" + :tag="mdCollapsibleSection" + :prepend="true" + tag-select="Click to expand" + :button-title="__('Add a collapsible section')" + icon="details-block" + /> + <toolbar-button + v-if="!restrictedToolBarItems.includes('table')" + v-show="!previewMarkdown" + :tag="mdTable" + :prepend="true" + :button-title="__('Add a table')" + icon="table" + /> + <gl-button + v-if="!previewMarkdown && !restrictedToolBarItems.includes('attach-file')" + v-gl-tooltip + :aria-label="__('Attach a file or image')" + :title="__('Attach a file or image')" + class="gl-mr-3" + data-testid="button-attach-file" + category="tertiary" + icon="paperclip" + size="small" + @click="handleAttachFile" + /> + <drawio-toolbar-button + v-if="!previewMarkdown && drawioEnabled" + :uploads-path="uploadsPath" + :markdown-preview-path="markdownPreviewPath" + /> + <!-- TODO Add icon and trigger functionality from here --> + <toolbar-button + v-if="supportsQuickActions" + v-show="!previewMarkdown" + :prepend="true" + tag="/" + :button-title="__('Add a quick action')" + icon="quick-actions" + /> + <comment-templates-dropdown + v-if="!previewMarkdown && newCommentTemplatePath && glFeatures.savedReplies" + :new-comment-template-path="newCommentTemplatePath" + @select="insertSavedReply" + /> + <div v-if="!previewMarkdown" class="full-screen"> <gl-button - v-if="!restrictedToolBarItems.includes('attach-file')" + v-if="!restrictedToolBarItems.includes('full-screen')" v-gl-tooltip - :aria-label="__('Attach a file or image')" - :title="__('Attach a file or image')" - class="gl-mr-3" - data-testid="button-attach-file" + class="js-zen-enter" category="tertiary" - icon="paperclip" + icon="maximize" size="small" - @click="handleAttachFile" - /> - <drawio-toolbar-button - v-if="drawioEnabled" - :uploads-path="uploadsPath" - :markdown-preview-path="markdownPreviewPath" - /> - <!-- TODO Add icon and trigger functionality from here --> - <toolbar-button - v-if="supportsQuickActions" + :title="__('Go full screen')" :prepend="true" - tag="/" - :button-title="__('Add a quick action')" - icon="quick-actions" - /> - <comment-templates-dropdown - v-if="newCommentTemplatePath && glFeatures.savedReplies" - :new-comment-template-path="newCommentTemplatePath" - @select="insertSavedReply" + :aria-label="__('Go full screen')" /> - <div class="full-screen"> - <gl-button - v-if="!restrictedToolBarItems.includes('full-screen')" - v-gl-tooltip - class="js-zen-enter" - category="tertiary" - icon="maximize" - size="small" - :title="__('Go full screen')" - :prepend="true" - :aria-label="__('Go full screen')" - /> - </div> - </template> + </div> </div> </div> </div> diff --git a/app/controllers/projects/ml/candidates_controller.rb b/app/controllers/projects/ml/candidates_controller.rb index ed7155fc5f4..9905e454acb 100644 --- a/app/controllers/projects/ml/candidates_controller.rb +++ b/app/controllers/projects/ml/candidates_controller.rb @@ -3,7 +3,9 @@ module Projects module Ml class CandidatesController < ApplicationController - before_action :check_feature_enabled, :set_candidate + before_action :set_candidate + before_action :check_read, only: [:show] + before_action :check_write, only: [:destroy] feature_category :mlops @@ -26,9 +28,13 @@ module Projects render_404 unless @candidate.present? end - def check_feature_enabled + def check_read render_404 unless can?(current_user, :read_model_experiments, @project) end + + def check_write + render_404 unless can?(current_user, :write_model_experiments, @project) + end end end end diff --git a/app/controllers/projects/ml/experiments_controller.rb b/app/controllers/projects/ml/experiments_controller.rb index a620e9919e7..85e7f63779c 100644 --- a/app/controllers/projects/ml/experiments_controller.rb +++ b/app/controllers/projects/ml/experiments_controller.rb @@ -5,7 +5,8 @@ module Projects class ExperimentsController < ::Projects::ApplicationController include Projects::Ml::ExperimentsHelper - before_action :check_feature_enabled + before_action :check_read, only: [:show, :index] + before_action :check_write, only: [:destroy] before_action :set_experiment, only: [:show, :destroy] feature_category :mlops @@ -55,10 +56,14 @@ module Projects private - def check_feature_enabled + def check_read render_404 unless can?(current_user, :read_model_experiments, @project) end + def check_write + render_404 unless can?(current_user, :write_model_experiments, @project) + end + def set_experiment @experiment = ::Ml::Experiment.by_project_id_and_iid(@project.id, params[:iid]) diff --git a/app/helpers/sorting_helper.rb b/app/helpers/sorting_helper.rb index 9038d972f65..1405bc7be37 100644 --- a/app/helpers/sorting_helper.rb +++ b/app/helpers/sorting_helper.rb @@ -2,6 +2,7 @@ module SortingHelper include SortingTitlesValuesHelper + include ButtonHelper # rubocop: disable Metrics/AbcSize def sort_options_hash @@ -167,10 +168,6 @@ module SortingHelper } end - def sortable_item(item, path, sorted_by) - link_to item, path, class: sorted_by == item ? 'is-active' : '' - end - def issuable_sort_option_overrides { sort_value_oldest_created => sort_value_created_date, @@ -275,7 +272,7 @@ module SortingHelper end def sort_direction_button(reverse_url, reverse_sort, sort_value) - link_class = 'gl-button btn btn-default btn-icon has-tooltip reverse-sort-btn rspec-reverse-sort' + link_class = 'has-tooltip reverse-sort-btn rspec-reverse-sort' icon = sort_direction_icon(sort_value) url = reverse_url @@ -284,9 +281,7 @@ module SortingHelper link_class += ' disabled' end - link_to(url, type: 'button', class: link_class, title: s_('SortOptions|Sort direction')) do - sprite_icon(icon) - end + link_button_to nil, url, class: link_class, title: s_('SortOptions|Sort direction'), icon: icon end def issuable_sort_direction_button(sort_value) diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index 0891c66853e..ad6155258ab 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -905,6 +905,10 @@ class ProjectPolicy < BasePolicy enable :read_model_experiments end + rule { can?(:reporter_access) & model_experiments_enabled }.policy do + enable :write_model_experiments + end + rule { ~admin & created_and_owned_by_banned_user }.policy do prevent :read_project end diff --git a/app/views/admin/application_settings/_ci_cd.html.haml b/app/views/admin/application_settings/_ci_cd.html.haml index 0c9d5a5a8df..0125c83dc72 100644 --- a/app/views/admin/application_settings/_ci_cd.html.haml +++ b/app/views/admin/application_settings/_ci_cd.html.haml @@ -28,13 +28,13 @@ = f.number_field :max_artifacts_size, class: 'form-control gl-form-input' .form-text.text-muted = _("The maximum file size for job artifacts.") - = link_to _('Learn more.'), help_page_path('user/admin_area/settings/continuous_integration', anchor: 'maximum-artifacts-size') + = link_to _('Learn more.'), help_page_path('administration/settings/continuous_integration', anchor: 'maximum-artifacts-size') .form-group = f.label :default_artifacts_expire_in, _('Default artifacts expiration'), class: 'label-bold' = f.text_field :default_artifacts_expire_in, class: 'form-control gl-form-input' .form-text.text-muted = html_escape(_("Set the default expiration time for job artifacts in all projects. Set to %{code_open}0%{code_close} to never expire artifacts by default. If no unit is written, it defaults to seconds. For example, these are all equivalent: %{code_open}3600%{code_close}, %{code_open}60 minutes%{code_close}, or %{code_open}one hour%{code_close}.")) % { code_open: '<code>'.html_safe, code_close: '</code>'.html_safe } - = link_to _('Learn more.'), help_page_path('user/admin_area/settings/continuous_integration', anchor: 'default-artifacts-expiration') + = link_to _('Learn more.'), help_page_path('administration/settings/continuous_integration', anchor: 'default-artifacts-expiration') .form-group = f.gitlab_ui_checkbox_component :keep_latest_artifact, s_('AdminSettings|Keep the latest artifacts for all jobs in the latest successful pipelines'), help_text: s_('AdminSettings|The latest artifacts for all jobs in the most recent successful pipelines in each project are stored and do not expire.') .form-group @@ -42,7 +42,7 @@ = f.text_field :archive_builds_in_human_readable, class: 'form-control gl-form-input' .form-text.text-muted = html_escape(_("Jobs older than the configured time are considered expired and are archived. Archived jobs can no longer be retried. Leave empty to never archive jobs automatically. The default unit is in days, but you can use other units, for example %{code_open}15 days%{code_close}, %{code_open}1 month%{code_close}, %{code_open}2 years%{code_close}. Minimum value is 1 day.")) % { code_open: '<code>'.html_safe, code_close: '</code>'.html_safe } - = link_to _('Learn more.'), help_page_path('user/admin_area/settings/continuous_integration', anchor: 'archive-jobs') + = link_to _('Learn more.'), help_page_path('administration/settings/continuous_integration', anchor: 'archive-jobs') .form-group = f.gitlab_ui_checkbox_component :protected_ci_variables, s_('AdminSettings|Protect CI/CD variables by default'), help_text: s_('AdminSettings|New CI/CD variables in projects and groups default to protected.') .form-group diff --git a/app/views/admin/application_settings/_email.html.haml b/app/views/admin/application_settings/_email.html.haml index 80a7d3607ef..2f31eb5f6d1 100644 --- a/app/views/admin/application_settings/_email.html.haml +++ b/app/views/admin/application_settings/_email.html.haml @@ -10,7 +10,7 @@ = f.label :commit_email_hostname, _('Custom hostname (for private commit emails)'), class: 'label-bold' = f.text_field :commit_email_hostname, class: 'form-control gl-form-input' .form-text.text-muted - - commit_email_hostname_docs_link = link_to _('Learn more'), help_page_path('user/admin_area/settings/email.md', anchor: 'custom-hostname-for-private-commit-emails'), target: '_blank', rel: 'noopener noreferrer' + - commit_email_hostname_docs_link = link_to _('Learn more'), help_page_path('administration/settings/email.md', anchor: 'custom-hostname-for-private-commit-emails'), target: '_blank', rel: 'noopener noreferrer' = _("Hostname used in private commit emails. %{learn_more}").html_safe % { learn_more: commit_email_hostname_docs_link } = render_if_exists 'admin/application_settings/email_additional_text_setting', form: f diff --git a/app/views/admin/application_settings/_runner_registrars_form.html.haml b/app/views/admin/application_settings/_runner_registrars_form.html.haml index 1329e5aeca9..b112c273aad 100644 --- a/app/views/admin/application_settings/_runner_registrars_form.html.haml +++ b/app/views/admin/application_settings/_runner_registrars_form.html.haml @@ -16,7 +16,7 @@ = s_('Runners|Runner registration') %span.form-text.gl-mb-3.gl-mt-0 = s_('Runners|If both settings are disabled, new runners cannot be registered.') - = link_to _('Learn more.'), help_page_path('user/admin_area/settings/continuous_integration', anchor: 'restrict-runner-registration-by-all-users-in-an-instance'), target: '_blank', rel: 'noopener noreferrer' + = link_to _('Learn more.'), help_page_path('administration/settings/continuous_integration', anchor: 'restrict-runner-registration-by-all-users-in-an-instance'), target: '_blank', rel: 'noopener noreferrer' = hidden_field_tag "application_setting[valid_runner_registrars][]", nil - ApplicationSetting::VALID_RUNNER_REGISTRAR_TYPES.each do |type| = f.gitlab_ui_checkbox_component :valid_runner_registrars, s_("Runners|Members of the %{type} can register runners") % { type: type }, diff --git a/app/views/groups/settings/ci_cd/_form.html.haml b/app/views/groups/settings/ci_cd/_form.html.haml index d31d22c61be..9b23a8c5e0e 100644 --- a/app/views/groups/settings/ci_cd/_form.html.haml +++ b/app/views/groups/settings/ci_cd/_form.html.haml @@ -7,5 +7,5 @@ = f.number_field :max_artifacts_size, class: 'form-control' %p.form-text.text-muted = _("The maximum file size in megabytes for individual job artifacts.") - = link_to _('Learn more.'), help_page_path('user/admin_area/settings/continuous_integration', anchor: 'maximum-artifacts-size'), target: '_blank', rel: 'noopener noreferrer' + = link_to _('Learn more.'), help_page_path('administration/settings/continuous_integration', anchor: 'maximum-artifacts-size'), target: '_blank', rel: 'noopener noreferrer' = f.submit _('Save changes'), pajamas_button: true diff --git a/app/views/projects/merge_requests/_widget.html.haml b/app/views/projects/merge_requests/_widget.html.haml index 9ec4363fa9a..606d4e06d33 100644 --- a/app/views/projects/merge_requests/_widget.html.haml +++ b/app/views/projects/merge_requests/_widget.html.haml @@ -13,7 +13,7 @@ window.gl.mrWidgetData.pipeline_must_succeed_docs_path = '#{help_page_path('user/project/merge_requests/merge_when_pipeline_succeeds.md', anchor: 'require-a-successful-pipeline-for-merge')}'; window.gl.mrWidgetData.code_coverage_check_help_page_path = '#{help_page_path('ci/testing/code_coverage.md', anchor: 'coverage-check-approval-rule')}'; window.gl.mrWidgetData.security_configuration_path = '#{project_security_configuration_path(@project)}'; - window.gl.mrWidgetData.license_compliance_docs_path = '#{help_page_path('user/compliance/license_scanning_of_cyclonedx_files')}'; + window.gl.mrWidgetData.license_compliance_docs_path = '#{help_page_path('user/compliance/license_compliance/index.md')}'; window.gl.mrWidgetData.eligible_approvers_docs_path = '#{help_page_path('user/project/merge_requests/approvals/rules.md', anchor: 'eligible-approvers')}'; window.gl.mrWidgetData.approvals_help_path = '#{help_page_path("user/project/merge_requests/approvals/index.md")}'; window.gl.mrWidgetData.pipelines_empty_svg_path = '#{image_path('illustrations/empty-state/empty-pipeline-md.svg')}'; diff --git a/app/views/projects/project_templates/_template.html.haml b/app/views/projects/project_templates/_template.html.haml index 9dde86f77b4..93c53fc99fc 100644 --- a/app/views/projects/project_templates/_template.html.haml +++ b/app/views/projects/project_templates/_template.html.haml @@ -8,7 +8,7 @@ .text-muted = template.description .controls.d-flex.align-items-center - %a.btn.gl-button.btn-default.gl-mr-3{ href: template.preview, rel: 'noopener noreferrer', target: '_blank', data: { track_label: "template_preview", track_property: template.name, track_action: "click_button", track_value: "" } } + = render Pajamas::ButtonComponent.new(button_options: { class: 'gl-mr-3', data: { track_label: "template_preview", track_property: template.name, track_action: "click_button", track_value: "" }, rel: 'noopener noreferrer' }, href: template.preview, target: '_blank') do = _("Preview") %label.btn.gl-button.btn-confirm.template-button.choose-template.gl-mb-0{ for: template.name, 'data-testid': "use_template_#{template.name}" } diff --git a/app/views/projects/runners/_project_runners.html.haml b/app/views/projects/runners/_project_runners.html.haml index bafdb5fc239..0f2f0c3f21c 100644 --- a/app/views/projects/runners/_project_runners.html.haml +++ b/app/views/projects/runners/_project_runners.html.haml @@ -10,7 +10,7 @@ #js-project-runner-registration-dropdown{ data: { registration_token: @project.runners_token, project_id: @project.id } } - else = _('Please contact an admin to create runners.') - = link_to _('Learn more.'), help_page_path('user/admin_area/settings/continuous_integration', anchor: 'restrict-runner-registration-by-all-users-in-an-instance'), target: '_blank', rel: 'noopener noreferrer' + = link_to _('Learn more.'), help_page_path('administration/settings/continuous_integration', anchor: 'restrict-runner-registration-by-all-users-in-an-instance'), target: '_blank', rel: 'noopener noreferrer' %hr diff --git a/app/views/projects/settings/ci_cd/_form.html.haml b/app/views/projects/settings/ci_cd/_form.html.haml index 6f64d3f3f76..6eccbd245af 100644 --- a/app/views/projects/settings/ci_cd/_form.html.haml +++ b/app/views/projects/settings/ci_cd/_form.html.haml @@ -75,7 +75,7 @@ = f.number_field :max_artifacts_size, class: 'form-control gl-form-input' %p.form-text.text-muted = _("The maximum file size in megabytes for individual job artifacts.") - = link_to sprite_icon('question-o'), help_page_path('user/admin_area/settings/continuous_integration', anchor: 'maximum-artifacts-size'), target: '_blank', rel: 'noopener noreferrer' + = link_to sprite_icon('question-o'), help_page_path('administration/settings/continuous_integration', anchor: 'maximum-artifacts-size'), target: '_blank', rel: 'noopener noreferrer' = f.submit _('Save changes'), pajamas_button: true diff --git a/db/migrate/20230714195649_add_namespace_storage_forks_cost_factor_to_application_settings.rb b/db/migrate/20230714195649_add_namespace_storage_forks_cost_factor_to_application_settings.rb new file mode 100644 index 00000000000..3388b934668 --- /dev/null +++ b/db/migrate/20230714195649_add_namespace_storage_forks_cost_factor_to_application_settings.rb @@ -0,0 +1,22 @@ +# frozen_string_literal: true + +class AddNamespaceStorageForksCostFactorToApplicationSettings < Gitlab::Database::Migration[2.1] + disable_ddl_transaction! + + CONSTRAINT_NAME = 'check_app_settings_namespace_storage_forks_cost_factor_range' + + def up + with_lock_retries do + add_column :application_settings, :namespace_storage_forks_cost_factor, + :float, default: 1.0, null: false, if_not_exists: true + end + + add_check_constraint :application_settings, + 'namespace_storage_forks_cost_factor >= 0 AND namespace_storage_forks_cost_factor <= 1', + CONSTRAINT_NAME + end + + def down + remove_column :application_settings, :namespace_storage_forks_cost_factor + end +end diff --git a/db/schema_migrations/20230714195649 b/db/schema_migrations/20230714195649 new file mode 100644 index 00000000000..7d0954f5ed8 --- /dev/null +++ b/db/schema_migrations/20230714195649 @@ -0,0 +1 @@ +d47e6e46f9c70ae93c929e93bc361f3ca88ae86d1139110ddda341564a465b60
\ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 4a25aef4efa..05b1d298943 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -11772,6 +11772,7 @@ CREATE TABLE application_settings ( elasticsearch_requeue_workers boolean DEFAULT false NOT NULL, elasticsearch_worker_number_of_shards integer DEFAULT 2 NOT NULL, relay_state_domain_allowlist text[] DEFAULT '{}'::text[] NOT NULL, + namespace_storage_forks_cost_factor double precision DEFAULT 1.0 NOT NULL, CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)), CONSTRAINT app_settings_container_registry_pre_import_tags_rate_positive CHECK ((container_registry_pre_import_tags_rate >= (0)::numeric)), CONSTRAINT app_settings_dep_proxy_ttl_policies_worker_capacity_positive CHECK ((dependency_proxy_ttl_group_policy_worker_capacity >= 0)), @@ -11815,6 +11816,7 @@ CREATE TABLE application_settings ( CONSTRAINT check_9c6c447a13 CHECK ((char_length(maintenance_mode_message) <= 255)), CONSTRAINT check_a5704163cc CHECK ((char_length(secret_detection_revocation_token_types_url) <= 255)), CONSTRAINT check_ae53cf7f82 CHECK ((char_length(vertex_ai_host) <= 255)), + CONSTRAINT check_app_settings_namespace_storage_forks_cost_factor_range CHECK (((namespace_storage_forks_cost_factor >= (0)::double precision) AND (namespace_storage_forks_cost_factor <= (1)::double precision))), CONSTRAINT check_b8c74ea5b3 CHECK ((char_length(deactivation_email_additional_text) <= 1000)), CONSTRAINT check_d03919528d CHECK ((char_length(container_registry_vendor) <= 255)), CONSTRAINT check_d820146492 CHECK ((char_length(spam_check_endpoint_url) <= 255)), diff --git a/doc/administration/compliance.md b/doc/administration/compliance.md index ec7d4c05b21..cc162e8ec53 100644 --- a/doc/administration/compliance.md +++ b/doc/administration/compliance.md @@ -69,7 +69,7 @@ These features can also help with compliance requirements: | [Enforce ToS acceptance](../user/admin_area/settings/terms.md) | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | Enforce your users accepting new terms of service by blocking GitLab traffic. | | [External Status Checks](../user/project/merge_requests/status_checks.md) | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | Interface with third-party systems you already use during development to ensure you remain compliant. | | [Generate reports on permission<br/>levels of users](../administration/admin_area.md#user-permission-export) | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | Generate a report listing all users' access permissions for groups and projects in the instance. | -| [License approval policies](../user/compliance/license_approval_policies.md) | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | Search dependencies for their licenses. This lets you determine if the licenses of your project's dependencies are compatible with your project's license. | +| [License compliance](../user/compliance/license_compliance/index.md) | **{dotted-circle}** No | **{dotted-circle}** No | **{check-circle}** Yes | Search dependencies for their licenses. This lets you determine if the licenses of your project's dependencies are compatible with your project's license. | | [Lock project membership to group](../user/group/access_and_permissions.md#prevent-members-from-being-added-to-projects-in-a-group) | **{dotted-circle}** No | **{check-circle}** Yes | **{dotted-circle}** No | Group owners can prevent new members from being added to projects in a group. | | [LDAP group sync](auth/ldap/ldap_synchronization.md#group-sync) | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | Automatically synchronize groups and manage SSH keys, permissions, and authentication, so you can focus on building your product, not configuring your tools. | | [LDAP group sync filters](auth/ldap/ldap_synchronization.md#group-sync) | **{check-circle}** Yes | **{dotted-circle}** No | **{dotted-circle}** No | Gives more flexibility to synchronize with LDAP based on filters, meaning you can leverage LDAP attributes to map GitLab permissions. | diff --git a/doc/administration/instance_limits.md b/doc/administration/instance_limits.md index b9a31a57245..81caf0ed62c 100644 --- a/doc/administration/instance_limits.md +++ b/doc/administration/instance_limits.md @@ -603,7 +603,7 @@ Plan.default.actual_limits.update!(project_ci_variables: 10000) Job artifacts defined with [`artifacts:reports`](../ci/yaml/index.md#artifactsreports) that are uploaded by the runner are rejected if the file size exceeds the maximum file size limit. The limit is determined by comparing the project's -[maximum artifact size setting](../user/admin_area/settings/continuous_integration.md#maximum-artifacts-size) +[maximum artifact size setting](../administration/settings/continuous_integration.md#maximum-artifacts-size) with the instance limit for the given artifact type, and choosing the smaller value. Limits are set in megabytes, so the smallest possible value that can be defined is `1 MB`. diff --git a/doc/administration/job_artifacts.md b/doc/administration/job_artifacts.md index 099e7ec9e6f..106334b226d 100644 --- a/doc/administration/job_artifacts.md +++ b/doc/administration/job_artifacts.md @@ -282,7 +282,7 @@ To migrate back to local storage, you must If [`artifacts:expire_in`](../ci/yaml/index.md#artifactsexpire_in) is used to set an expiry for the artifacts, they are marked for deletion right after that date passes. -Otherwise, they expire per the [default artifacts expiration setting](../user/admin_area/settings/continuous_integration.md). +Otherwise, they expire per the [default artifacts expiration setting](../administration/settings/continuous_integration.md). Artifacts are cleaned up by the `expire_build_artifacts_worker` cron job which Sidekiq runs every 7 minutes (`*/7 * * * *` in [Cron](../topics/cron/index.md) syntax). @@ -376,7 +376,7 @@ To change the default schedule on which the artifacts are expired: ## Set the maximum file size of the artifacts If artifacts are enabled, you can change the maximum file size of the -artifacts through the [Admin Area settings](../user/admin_area/settings/continuous_integration.md#maximum-artifacts-size). +artifacts through the [Admin Area settings](../administration/settings/continuous_integration.md#maximum-artifacts-size). ## Storage statistics diff --git a/doc/administration/moderate_users.md b/doc/administration/moderate_users.md index 41d61d8418f..42f1f26586f 100644 --- a/doc/administration/moderate_users.md +++ b/doc/administration/moderate_users.md @@ -156,7 +156,7 @@ Personal projects, and group and user history of the deactivated user are left i NOTE: Users are notified about account deactivation if -[user deactivation emails](../user/admin_area/settings/email.md#user-deactivation-emails) are enabled. +[user deactivation emails](../administration/settings/email.md#user-deactivation-emails) are enabled. A user can be deactivated from the Admin Area. To do this: diff --git a/doc/administration/settings/continuous_integration.md b/doc/administration/settings/continuous_integration.md new file mode 100644 index 00000000000..eaa240d4c96 --- /dev/null +++ b/doc/administration/settings/continuous_integration.md @@ -0,0 +1,429 @@ +--- +stage: Verify +group: Pipeline Execution +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +type: reference +--- + +# Continuous Integration and Deployment Admin Area settings **(FREE SELF)** + +The [Admin Area](index.md) has the instance settings for Auto DevOps, runners, and +job artifacts. + +## Auto DevOps + +To enable (or disable) [Auto DevOps](../../topics/autodevops/index.md) +for all projects: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Check (or uncheck to disable) the box that says **Default to Auto DevOps pipeline for all projects**. +1. Optionally, set up the [Auto DevOps base domain](../../topics/autodevops/requirements.md#auto-devops-base-domain) + which is used for Auto Deploy and Auto Review Apps. +1. Select **Save changes** for the changes to take effect. + +From now on, every existing project and newly created ones that don't have a +`.gitlab-ci.yml` use the Auto DevOps pipelines. + +If you want to disable it for a specific project, you can do so in +[its settings](../../topics/autodevops/index.md#enable-or-disable-auto-devops). + +## Enable shared runners for new projects + +You can set all new projects to have the instance's shared runners available by default. + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Expand **Continuous Integration and Deployment**. +1. Select the **Enable shared runners for new projects** checkbox. + +Any time a new project is created, the shared runners are available. + +## Shared runners compute quota + +As an administrator you can set either a global or namespace-specific +limit on the number of [compute minutes](../../ci/pipelines/cicd_minutes.md) you can use. + +## Enable a project runner for multiple projects + +If you have already registered a [project runner](../../ci/runners/runners_scope.md#project-runners) +you can assign that runner to other projects. + +To enable a project runner for more than one project: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. From the left sidebar, select **CI/CD > Runners**. +1. Select the runner you want to edit. +1. In the upper-right corner, select **Edit** (**{pencil}**). +1. Under **Restrict projects for this runner**, search for a project. +1. To the left of the project, select **Enable**. +1. Repeat this process for each additional project. + +## Add a message for shared runners + +To display details about the instance's shared runners in all projects' +runner settings: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Expand **Continuous Integration and Deployment**. +1. Enter text, including Markdown if you want, in the **Shared runner details** field. For example: + +  + +To view the rendered details: + +1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project or group. +1. Select **Settings > CI/CD**. +1. Expand **Runners**. + + + +## Maximum artifacts size + +The maximum size of the [job artifacts](../../administration/job_artifacts.md) +can be set at: + +- The instance level. +- [From GitLab 12.4](https://gitlab.com/gitlab-org/gitlab/-/issues/21688), the project and group level. + +For the setting on GitLab.com, see [Artifacts maximum size](../../user/gitlab_com/index.md#gitlab-cicd). + +The value is in MB and the default is 100 MB per job. To change it at the: + +- Instance level: + + 1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). + 1. Select **Admin Area**. + 1. On the left sidebar, select **Settings > CI/CD > Continuous Integration and Deployment**. + 1. Change the value of **Maximum artifacts size (MB)**. + 1. Select **Save changes** for the changes to take effect. + +- Group level (this overrides the instance setting): + + 1. Go to the group's **Settings > CI/CD > General Pipelines**. + 1. Change the value of **Maximum artifacts size** (in MB). + 1. Select **Save changes** for the changes to take effect. + +- Project level (this overrides the instance and group settings): + + 1. Go to the project's **Settings > CI/CD > General Pipelines**. + 1. Change the value of **maximum artifacts size** (in MB). + 1. Select **Save changes** for the changes to take effect. + +NOTE: +The setting at all levels is only available to GitLab administrators. + +## Default artifacts expiration + +The default expiration time of the [job artifacts](../../administration/job_artifacts.md) +can be set in the Admin Area of your GitLab instance. The syntax of duration is +described in [`artifacts:expire_in`](../../ci/yaml/index.md#artifactsexpire_in) +and the default value is `30 days`. + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Change the value of default expiration time. +1. Select **Save changes** for the changes to take effect. + +This setting is set per job and can be overridden in +[`.gitlab-ci.yml`](../../ci/yaml/index.md#artifactsexpire_in). +To disable the expiration, set it to `0`. The default unit is in seconds. + +NOTE: +Any changes to this setting applies to new artifacts only. The expiration time is not +be updated for artifacts created before this setting was changed. +The administrator may need to manually search for and expire previously-created +artifacts, as described in the [troubleshooting documentation](../../administration/job_artifacts.md#delete-job-artifacts-from-jobs-completed-before-a-specific-date). + +## Keep the latest artifacts for all jobs in the latest successful pipelines + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/50889) in GitLab 13.9. + +When enabled (default), the artifacts of the most recent pipeline for each Git ref +([branches and tags](https://git-scm.com/book/en/v2/Git-Internals-Git-References)) +are locked against deletion and kept regardless of the expiry time. + +When disabled, the latest artifacts for any **new** successful or fixed pipelines +are allowed to expire. + +This setting takes precedence over the [project level setting](../../ci/jobs/job_artifacts.md#keep-artifacts-from-most-recent-successful-jobs). +If disabled at the instance level, you cannot enable this per-project. + +To disable the setting: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Expand **Continuous Integration and Deployment**. +1. Clear the **Keep the latest artifacts for all jobs in the latest successful pipelines** checkbox. +1. Select **Save changes** + +When you disable the feature, the latest artifacts do not immediately expire. +A new pipeline must run before the latest artifacts can expire and be deleted. + +NOTE: +All application settings have a [customizable cache expiry interval](../../administration/application_settings_cache.md) which can delay the settings affect. + +## Archive jobs + +Archiving jobs is useful for reducing the CI/CD footprint on the system by removing some +of the capabilities of the jobs (metadata stored in the database needed to run the job), +but persisting the traces and artifacts for auditing purposes. + +To set the duration for which the jobs are considered as old and expired: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Expand the **Continuous Integration and Deployment** section. +1. Set the value of **Archive jobs**. +1. Select **Save changes** for the changes to take effect. + +After that time passes, the jobs are archived in the background and no longer able to be +retried. Make it empty to never expire jobs. It has to be no less than 1 day, +for example: <code>15 days</code>, <code>1 month</code>, <code>2 years</code>. + +For the value set for GitLab.com, see [Scheduled job archiving](../../user/gitlab_com/index.md#gitlab-cicd). + +## Protect CI/CD variables by default + +To set all new [CI/CD variables](../../ci/variables/index.md) as +[protected](../../ci/variables/index.md#protect-a-cicd-variable) by default: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Select **Protect CI/CD variables by default**. + +## Maximum includes + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/207270) in GitLab 16.0. + +The maximum number of [includes](../../ci/yaml/includes.md) per pipeline can be set at the instance level. +The default is `150`. + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Change the value of **Maximum includes**. +1. Select **Save changes** for the changes to take effect. + +## Default CI/CD configuration file + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18073) in GitLab 12.5. + +The default CI/CD configuration file and path for new projects can be set in the Admin Area +of your GitLab instance (`.gitlab-ci.yml` if not set): + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Input the new file and path in the **Default CI/CD configuration file** field. +1. Select **Save changes** for the changes to take effect. + +It is also possible to specify a [custom CI/CD configuration file for a specific project](../../ci/pipelines/settings.md#specify-a-custom-cicd-configuration-file). + +## Set CI/CD limits + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352175) in GitLab 14.10. + +You can configure some [CI/CD limits](../../administration/instance_limits.md#cicd-limits) +from the Admin Area: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Expand the **Continuous Integration and Deployment** section. +1. In the **CI/CD limits** section, you can set the following limits: + - **Maximum number of jobs in a single pipeline** + - **Total number of jobs in currently active pipelines** + - **Maximum number of active pipelines per project** + - **Maximum number of pipeline subscriptions to and from a project** + - **Maximum number of pipeline schedules** + - **Maximum number of DAG dependencies that a job can have** + - **Maximum number of runners registered per group** + - **Maximum number of runners registered per project** + - **Maximum number of downstream pipelines in a pipeline's hierarchy tree** + +## Enable or disable the pipeline suggestion banner + +By default, a banner displays in merge requests with no pipeline suggesting a +walkthrough on how to add one. + + + +To enable or disable the banner: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Select or clear the **Enable pipeline suggestion banner** checkbox. +1. Select **Save changes**. + +## Required pipeline configuration **(ULTIMATE SELF)** + +> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/352316) from GitLab Premium to GitLab Ultimate in 15.0. +> - [Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/389467) in GitLab 15.9. + +WARNING: +This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/389467) in GitLab 15.9 +and is planned for removal in 17.0. Use [compliance pipelines](../../user/group/compliance_frameworks.md#compliance-pipelines) +instead. This change is a breaking change. + +You can set a [CI/CD template](../../ci/examples/index.md#cicd-templates) +as a required pipeline configuration for all projects on a GitLab instance. You can +use a template from: + +- The default CI/CD templates. +- A custom template stored in an [instance template repository](instance_template_repository.md). + + NOTE: + When you use a configuration defined in an instance template repository, + nested [`include:`](../../ci/yaml/index.md#include) keywords + (including `include:file`, `include:local`, `include:remote`, and `include:template`) + [do not work](https://gitlab.com/gitlab-org/gitlab/-/issues/35345). + +The project CI/CD configuration merges into the required pipeline configuration when +a pipeline runs. The merged configuration is the same as if the required pipeline configuration +added the project configuration with the [`include` keyword](../../ci/yaml/index.md#include). +To view a project's full merged configuration, [View full configuration](../../ci/pipeline_editor/index.md#view-full-configuration) +in the pipeline editor. + +To select a CI/CD template for the required pipeline configuration: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Expand the **Required pipeline configuration** section. +1. Select a CI/CD template from the dropdown list. +1. Select **Save changes**. + +## Package Registry configuration + +### Maven Forwarding **(PREMIUM SELF)** + +GitLab administrators can disable the forwarding of Maven requests to [Maven Central](https://search.maven.org/). + +To disable forwarding Maven requests: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Expand the **Package Registry** section. +1. Clear the checkbox **Forward Maven package requests to the Maven Registry if the packages are not found in the GitLab Package Registry**. +1. Select **Save changes**. + +### npm Forwarding **(PREMIUM SELF)** + +GitLab administrators can disable the forwarding of npm requests to [npmjs.com](https://www.npmjs.com/). + +To disable it: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Expand the **Package Registry** section. +1. Clear the checkbox **Forward npm package requests to the npm Registry if the packages are not found in the GitLab Package Registry**. +1. Select **Save changes**. + +### PyPI Forwarding **(PREMIUM SELF)** + +GitLab administrators can disable the forwarding of PyPI requests to [pypi.org](https://pypi.org/). + +To disable it: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Expand the **Package Registry** section. +1. Clear the checkbox **Forward PyPI package requests to the PyPI Registry if the packages are not found in the GitLab Package Registry**. +1. Select **Save changes**. + +### Package file size limits + +GitLab administrators can adjust the maximum allowed file size for each package type. + +To set the maximum file size: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Expand the **Package Registry** section. +1. Find the package type you would like to adjust. +1. Enter the maximum file size, in bytes. +1. Select **Save size limits**. + +## Restrict runner registration by all users in an instance + +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/22225) in GitLab 14.1. +> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/368008) in GitLab 15.5. + +GitLab administrators can adjust who is allowed to register runners, by showing and hiding areas of the UI. + +When the registration sections are hidden in the UI, members of the project or group must contact administrators to enable runner registration in the group or project. If you plan to prevent registration, ensure users have access to the runners they need to run jobs. + +By default, all members of a project and group are able to register runners. + +To restrict all users in an instance from registering runners: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Expand **Runners**. +1. In the **Runner registration** section, clear the **Members of the project can register runners** and + **Members of the group can register runners** checkboxes to remove runner registration from the UI. +1. Select **Save changes**. + +NOTE: +After you disable runner registration by members of a project, the registration +token automatically rotates. The token is no longer valid and you must +use the new registration token for the project. + +## Restrict runner registration by all members in a group + +Prerequisites: + +- Runner registration must be enabled for [all users in the instance](#restrict-runner-registration-by-all-users-in-an-instance). + +GitLab administrators can adjust group permissions to restrict runner registration by group members. + +To restrict runner registration by members in a specific group: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Overview > Groups** and find your group. +1. Select **Edit**. +1. Clear the **New group runners can be registered** checkbox if you want to disable runner registration by all members in the group. If the setting is read-only, you must enable runner registration for the [instance](#restrict-runner-registration-by-all-users-in-an-instance). +1. Select **Save changes**. + +## Disable runner version management + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114041) in GitLab 15.10. + +By default, GitLab instances periodically fetch official runner version data from GitLab.com to [determine whether the runners need upgrades](../../ci/runners/runners_scope.md#determine-which-runners-need-to-be-upgraded). + +To disable your instance fetching this data: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > CI/CD**. +1. Expand **Runners**. +1. In the **Runner version management** section, clear the **Fetch GitLab Runner release version data from GitLab.com** checkbox. +1. Select **Save changes**. + +## Troubleshooting + +### 413 Request Entity Too Large + +When build jobs fail with the following error, +increase the [maximum artifacts size](#maximum-artifacts-size). + +```plaintext +Uploading artifacts as "archive" to coordinator... too large archive <job-id> responseStatus=413 Request Entity Too Large status=413" at end of a build job on pipeline when trying to store artifacts to <object-storage>. +``` diff --git a/doc/administration/settings/email.md b/doc/administration/settings/email.md new file mode 100644 index 00000000000..e4972897aab --- /dev/null +++ b/doc/administration/settings/email.md @@ -0,0 +1,125 @@ +--- +type: reference +stage: Plan +group: Project Management +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +--- + +# Email **(FREE SELF)** + +You can customize some of the content in emails sent from your GitLab instance. + +## Custom logo + +The logo in the header of some emails can be customized, see the [logo customization section](../../administration/appearance.md#navigation-bar). + +## Include author name in email notification email body **(PREMIUM SELF)** + +By default, GitLab overrides the email address in notification emails with the email address +of the issue, merge request, or comment author. Enable this setting to include the author's email +address in the body of the email instead. + +To include the author's email address in the email body: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > Preferences**. +1. Expand **Email**. +1. Select the **Include author name in email notification email body** checkbox. +1. Select **Save changes**. + +## Enable multipart email **(PREMIUM SELF)** + +GitLab can send email in multipart format (HTML and plain text) or plain text only. + +To enable multipart email: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > Preferences**. +1. Expand **Email**. +1. Select **Enable multipart email**. +1. Select **Save changes**. + +## Custom hostname for private commit emails **(PREMIUM SELF)** + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/22560) in GitLab 11.5. + +This configuration option sets the email hostname for [private commit emails](../../user/profile/index.md#use-an-automatically-generated-private-commit-email). + By default it is set to `users.noreply.YOUR_CONFIGURED_HOSTNAME`. + +To change the hostname used in private commit emails: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > Preferences**. +1. Expand **Email**. +1. Enter the desired hostname in the **Custom hostname (for private commit emails)** field. +1. Select **Save changes**. + +NOTE: +After the hostname is configured, every private commit email using the previous hostname is not +recognized by GitLab. This can directly conflict with certain [Push rules](../../user/project/repository/push_rules.md) such as +`Check whether author is a GitLab user` and `Check whether committer is the current authenticated user`. + +## Custom additional text **(PREMIUM SELF)** + +You can add additional text at the bottom of any email that GitLab sends. This additional text +can be used for legal, auditing, or compliance reasons, for example. + +To add additional text to emails: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > Preferences**. +1. Expand **Email**. +1. Enter your text in the **Additional text** field. +1. Select **Save changes**. + +## User deactivation emails + +GitLab sends email notifications to users when their account has been deactivated. + +To disable these notifications: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > Preferences**. +1. Expand **Email**. +1. Clear the **Enable user deactivation emails** checkbox. +1. Select **Save changes**. + +### Custom additional text in deactivation emails **(FREE SELF)** + +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/355964) in GitLab 15.9 [with a flag](../../administration/feature_flags.md) named `deactivation_email_additional_text`. Disabled by default. +> - [Enabled on self-managed and GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/111882) in GitLab 15.9. + +FLAG: +On self-managed GitLab, by default this feature is available. To hide the feature, ask an +administrator to [disable the feature flag](../../administration/feature_flags.md) named +`deactivation_email_additional_text`. + +You can add additional text at the bottom of the email that GitLab sends to users when their account +is deactivated. This email text is separate from the [custom additional text](#custom-additional-text) +setting. + +To add additional text to deactivation emails: + +1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). +1. Select **Admin Area**. +1. Select **Settings > Preferences**. +1. Expand **Email**. +1. Enter your text in the **Additional text for deactivation email** field. +1. Select **Save changes**. + +<!-- ## Troubleshooting + +Include any troubleshooting steps that you can foresee. If you know beforehand what issues +one might have when setting this up, or when something is changed, or on upgrading, it's +important to describe those, too. Think of things that may go wrong and include them here. +This is important to minimize requests for support, and to avoid doc comments with +questions that you know someone might ask. + +Each scenario can be a third-level heading, for example `### Getting error message X`. +If you have none to add when creating a doc, leave this section in place +but commented out to help encourage others to add to it in the future. --> diff --git a/doc/administration/settings/index.md b/doc/administration/settings/index.md index bc204250b41..a2c935e2318 100644 --- a/doc/administration/settings/index.md +++ b/doc/administration/settings/index.md @@ -58,12 +58,12 @@ The **General** settings contain: The **CI/CD** settings contain: -- [Continuous Integration and Deployment](../../user/admin_area/settings/continuous_integration.md) - +- [Continuous Integration and Deployment](../../administration/settings/continuous_integration.md) - Auto DevOps, runners and job artifacts. -- [Required pipeline configuration](../../user/admin_area/settings/continuous_integration.md#required-pipeline-configuration) - +- [Required pipeline configuration](../../administration/settings/continuous_integration.md#required-pipeline-configuration) - Set an instance-wide auto included [pipeline configuration](../../ci/yaml/index.md). This pipeline configuration is run after the project's own configuration. -- [Package Registry](../../user/admin_area/settings/continuous_integration.md#package-registry-configuration) - +- [Package Registry](../../administration/settings/continuous_integration.md#package-registry-configuration) - Settings related to the use and experience of using the GitLab Package Registry. Some [risks are involved](../../user/packages/container_registry/reduce_container_registry_storage.md#use-with-external-container-registries) in enabling some of these settings. diff --git a/doc/api/search.md b/doc/api/search.md index f7fa7babe71..b412d86a613 100644 --- a/doc/api/search.md +++ b/doc/api/search.md @@ -292,7 +292,8 @@ Example response: "id": null, "ref": "master", "startline": 5, - "project_id": 6 + "project_id": 6, + "group_id": null } ] ``` @@ -682,7 +683,8 @@ Example response: "id": null, "ref": "master", "startline": 5, - "project_id": 6 + "project_id": 6, + "group_id": 1 } ] ``` @@ -1094,7 +1096,8 @@ Example response: "id": null, "ref": "master", "startline": 5, - "project_id": 6 + "project_id": 6, + "group_id": 1 } ] ``` diff --git a/doc/architecture/blueprints/ci_data_decay/index.md b/doc/architecture/blueprints/ci_data_decay/index.md index 2eac27def18..25ce71a3a6f 100644 --- a/doc/architecture/blueprints/ci_data_decay/index.md +++ b/doc/architecture/blueprints/ci_data_decay/index.md @@ -55,7 +55,7 @@ of the primary database, to a different storage, that is more performant and cost effective. It is already possible to prevent processing builds -[that have been archived](../../../user/admin_area/settings/continuous_integration.md#archive-jobs). +[that have been archived](../../../administration/settings/continuous_integration.md#archive-jobs). When a build gets archived it will not be possible to retry it, but we still do keep all the processing metadata in the database, and it consumes resources that are scarce in the primary database. diff --git a/doc/ci/components/index.md b/doc/ci/components/index.md index c6659e7b7de..6df258d117b 100644 --- a/doc/ci/components/index.md +++ b/doc/ci/components/index.md @@ -178,6 +178,167 @@ For example, for a component repository located at `gitlab-org/dast` on `gitlab. - If a tag is named the same as a commit SHA that exists, like `e3262fdd0914fa823210cdb79a8c421e2cef79d8`, the commit SHA takes precedence over the tag. +### Best practices + +#### Avoid using global keywords + +When using [global keywords](../yaml/index.md#global-keywords) all jobs in the +pipeline are affected. Using these keywords in a component affects all jobs in a +pipeline, whether they are directly defined in the main `.gitlab-ci.yml` or +in any included components. + +To make the composition of pipelines more deterministic, either: + +- Duplicate the default configuration for each job. +- Use [`extends`](../yaml/index.md#extends) feature within the component. + +```yaml +## +# BAD +default: + image: ruby:3.0 + +rspec: + script: bundle exec rspec +``` + +```yaml +## +# GOOD +rspec: + image: ruby:3.0 + script: bundle exec rspec +``` + +#### Replace hard-coded values with inputs + +A typical hard-coded value found in CI templates is `stage:` value. Such hard coded values may force the user +of the component to know and adapt the pipeline to such implementation details. + +For example, if `stage: test` is hard-coded for a job in a component, the pipeline using the component must +define the `test` stage. Additionally, if the user of the component want to customize the stage value it has +to override the configuration: + +```yaml +## +# BAD: In order to use different stage name you need to override all the jobs +# included by the component. +include: + - component: gitlab.com/gitlab-org/ruby-test@1.0 + +stages: [verify, deploy] + +unit-test: + stage: verify + +integration-test: + stage: verify +``` + +```yaml +## +# BAD: In order to use the component correctly you need to define the stage +# that is hard-coded in it. +include: + - component: gitlab.com/gitlab-org/ruby-test@1.0 + +stages: [test, deploy] +``` + +To improve this we can use [input parameters](../yaml/includes.md#define-input-parameters-with-specinputs) +allowing the user of a component to inject values that can be customized: + +```yaml +## +# GOOD: We don't need to know the implementation details of a component and instead we can +# rely on the inputs. +include: + - component: gitlab.com/gitlab-org/ruby-test@1.0 + inputs: + stage: verify + +stages: [verify, deploy] + +## +# inside the component YAML: +spec: + inputs: + stage: + default: test +--- +unit-test: + stage: $[[ inputs.stage ]] + script: echo unit tests + +integration-test: + stage: $[[ inputs.stage ]] + script: echo integration tests +``` + +#### Prefer inputs over variables + +If variables are only used for YAML evaluation (for example `rules`) and not by the Runner +execution, it's advised to use inputs instead. +Inputs are explicitly defined in the component's contract and they are better validated +than variables. + +For example, if a required input is not passed an error is returned as soon as the component +is being used. By contrast, if a variable is not defined, it's value is empty. + +```yaml +## +# BAD: you need to configure an environment variable for a custom value that doesn't need +# to be used on the Runner +unit-test: + image: $MY_COMPONENT_X_IMAGE + script: echo unit tests + +integration-test: + image: $MY_COMPONENT_X_IMAGE + script: echo integration tests + +## +# Usage: +include: + - component: gitlab.com/gitlab-org/ruby-test@1.0 + +variables: + MY_COMPONENT_X_IMAGE: ruby:3.2 +``` + +```yaml +## +# GOOD: we define a customizable value and accept it as input +spec: + inputs: + image: + default: ruby:3.0 +--- +unit-test: + image: $[[ inputs.image ]] + script: echo unit tests + +integration-test: + image: $[[ inputs.image ]] + script: echo integration tests + +## +# Usage: +include: + - component: gitlab.com/gitlab-org/ruby-test@1.0 + inputs: + image: ruby:3.2 +``` + +#### Use semantic versioning + +When tagging and releasing new versions of components we recommend using [semantic versioning](https://semver.org) +which is the standard for communicating bugfixes, minor and major or breaking changes. + +We recommend adopting at least the `MAJOR.MINOR` format. + +For example: `2.1`, `1.0.0`, `1.0.0-alpha`, `2.1.3`, `3.0.0-rc.1`. + ## CI/CD Catalog The CI/CD Catalog is a list of [components repositories](#components-repository), @@ -201,3 +362,15 @@ To mark a project as a catalog resource: NOTE: This action is not reversible. + +## Convert a CI template to component + +Any existing CI template, that you share with other projects via `include:` syntax, can be converted to a CI component. + +1. Decide whether you want the component to be part of an existing [components repository](#components-repository), + if you want to logically group components together. Create and setup a [components repository](#components-repository) otherwise. +1. Create a YAML file in the components repository according to the expected [directory structure](#directory-structure). +1. Copy the content of the template YAML file into the new component YAML file. +1. Refactor the component YAML to follow the [best practices](#best-practices) for components. +1. Leverage the `.gitlab-ci.yml` in the components repository to [test changes to the component](#test-a-component). +1. Tag and [release the component](#release-a-component). diff --git a/doc/ci/index.md b/doc/ci/index.md index bc50df620e5..a3106a2475c 100644 --- a/doc/ci/index.md +++ b/doc/ci/index.md @@ -104,7 +104,7 @@ GitLab CI/CD features, grouped by DevOps stage, include: | [Dynamic Application Security Testing](../user/application_security/dast/index.md) | Test your application's runtime behavior for vulnerabilities. | | [Dependency Scanning](../user/application_security/dependency_scanning/index.md) | Analyze your dependencies for known vulnerabilities. | | [Infrastructure as Code scanning](../user/application_security/iac_scanning/index.md) | Scan your IaC configuration files for known vulnerabilities. | -| [License Scanning](../user/compliance/license_scanning_of_cyclonedx_files/index.md) | Search your project dependencies for their licenses. | +| [License Compliance](../user/compliance/license_compliance/index.md) | Search your project dependencies for their licenses. | | [Secret Detection](../user/application_security/secret_detection/index.md) | Search your application's source code for secrets. | | [Static Application Security Testing](../user/application_security/sast/index.md) | Test your application's source code for known vulnerabilities. | | [Web API fuzz testing](../user/application_security/api_fuzzing/index.md) | Test your application's API behavior by providing randomized input. | diff --git a/doc/ci/jobs/job_artifacts.md b/doc/ci/jobs/job_artifacts.md index 770722a0713..3dd43a9760c 100644 --- a/doc/ci/jobs/job_artifacts.md +++ b/doc/ci/jobs/job_artifacts.md @@ -61,7 +61,7 @@ pdf: expire_in: 1 week ``` -If `expire_in` is not defined, the [instance-wide setting](../../user/admin_area/settings/continuous_integration.md#default-artifacts-expiration) +If `expire_in` is not defined, the [instance-wide setting](../../administration/settings/continuous_integration.md#default-artifacts-expiration) is used. To prevent artifacts from expiring, you can select **Keep** from the job details page. @@ -351,7 +351,7 @@ Artifacts in old pipelines continue to be kept until a new pipeline runs for the Then the artifacts in the earlier pipeline for that ref are allowed to expire too. You can disable this behavior for all projects on a self-managed instance in the -[instance's CI/CD settings](../../user/admin_area/settings/continuous_integration.md#keep-the-latest-artifacts-for-all-jobs-in-the-latest-successful-pipelines). +[instance's CI/CD settings](../../administration/settings/continuous_integration.md#keep-the-latest-artifacts-for-all-jobs-in-the-latest-successful-pipelines). When **Keep artifacts from most recent successful jobs** is enabled, artifacts are always kept for [blocked](job_control.md#types-of-manual-jobs) pipelines. These artifacts expire only after the blocking job is triggered and the pipeline completes. diff --git a/doc/ci/runners/runners_scope.md b/doc/ci/runners/runners_scope.md index 8551a783af4..664d255dcac 100644 --- a/doc/ci/runners/runners_scope.md +++ b/doc/ci/runners/runners_scope.md @@ -88,7 +88,7 @@ On GitLab.com, [shared runners](index.md) are enabled in all projects by default. On self-managed instances of GitLab, an administrator can -[enable them for all new projects](../../user/admin_area/settings/continuous_integration.md#enable-shared-runners-for-new-projects). +[enable them for all new projects](../../administration/settings/continuous_integration.md#enable-shared-runners-for-new-projects). For existing projects, an administrator must [install](https://docs.gitlab.com/runner/install/index.html) and @@ -434,7 +434,7 @@ You can edit a project runner from any of the projects it's enabled for. The modifications, which include unlocking and editing tags and the description, affect all projects that use the runner. -An administrator can [enable the runner for multiple projects](../../user/admin_area/settings/continuous_integration.md#enable-a-project-runner-for-multiple-projects). +An administrator can [enable the runner for multiple projects](../../administration/settings/continuous_integration.md#enable-a-project-runner-for-multiple-projects). ### Prevent a project runner from being enabled for other projects diff --git a/doc/ci/testing/index.md b/doc/ci/testing/index.md index 852dcaf206d..a8fb6d688d7 100644 --- a/doc/ci/testing/index.md +++ b/doc/ci/testing/index.md @@ -18,7 +18,7 @@ display reports or link to important information directly from [merge requests]( | [Code Quality](code_quality.md) | Analyze your source code quality using the [Code Climate](https://codeclimate.com/) analyzer and show the Code Climate report right in the merge request widget area. | | [Display arbitrary job artifacts](../yaml/index.md#artifactsexpose_as) | Configure CI pipelines with the `artifacts:expose_as` parameter to directly link to selected [artifacts](../jobs/job_artifacts.md) in merge requests. | | [Unit test reports](unit_test_reports.md) | Configure your CI jobs to use Unit test reports, and let GitLab display a report on the merge request so that it's easier and faster to identify the failure without having to check the entire job log. | -| [License Scanning](../../user/compliance/license_scanning_of_cyclonedx_files/index.md) | Manage the licenses of your dependencies. | +| [License Compliance](../../user/compliance/license_compliance/index.md) | Manage the licenses of your dependencies. | | [Metrics Reports](metrics_reports.md) | Display the Metrics Report on the merge request so that it's fast and easier to identify changes to important metrics. | | [Test Coverage visualization](test_coverage_visualization.md) | See test coverage results for merge requests, in the file diff. | | [Fail fast testing](fail_fast_testing.md) | Run a subset of your RSpec test suite, so failed tests stop the pipeline before the full suite of tests run, saving resources. | diff --git a/doc/ci/troubleshooting.md b/doc/ci/troubleshooting.md index e94ccfa6b2b..623589e2cbc 100644 --- a/doc/ci/troubleshooting.md +++ b/doc/ci/troubleshooting.md @@ -164,7 +164,7 @@ blocked the pipeline, or allowed the wrong pipeline type. ### Pipeline with many jobs fails to start -A Pipeline that has more jobs than the instance's defined [CI/CD limits](../user/admin_area/settings/continuous_integration.md#set-cicd-limits) +A Pipeline that has more jobs than the instance's defined [CI/CD limits](../administration/settings/continuous_integration.md#set-cicd-limits) fails to start. To reduce the number of jobs in your pipeline, you can split your `.gitlab-ci.yml` diff --git a/doc/ci/yaml/artifacts_reports.md b/doc/ci/yaml/artifacts_reports.md index 4882532f98f..37cb7efdf94 100644 --- a/doc/ci/yaml/artifacts_reports.md +++ b/doc/ci/yaml/artifacts_reports.md @@ -249,12 +249,12 @@ concatenate them into a single file. Use either: > Introduced in GitLab 12.8. -The License Compliance report collects [Licenses](../../user/compliance/license_scanning_of_cyclonedx_files/index.md). The License +The License Compliance report collects [Licenses](../../user/compliance/license_compliance/index.md). The License Compliance report uploads to GitLab as an artifact. GitLab can display the results of one or more reports in: -- The merge request [license compliance widget](../../user/compliance/license_scanning_of_cyclonedx_files/index.md). +- The merge request [license compliance widget](../../user/compliance/license_compliance/index.md). - The [license list](../../user/compliance/license_list.md). ## `artifacts:reports:load_performance` **(PREMIUM)** diff --git a/doc/ci/yaml/includes.md b/doc/ci/yaml/includes.md index 503b9f164dd..3b6419dbff2 100644 --- a/doc/ci/yaml/includes.md +++ b/doc/ci/yaml/includes.md @@ -630,4 +630,4 @@ limit is reached. You can remove one included file at a time to try to narrow do which configuration file is the source of the loop or excessive included files. In [GitLab 16.0 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/207270) self-managed users can -change the [maximum includes](../../user/admin_area/settings/continuous_integration.md#maximum-includes) value. +change the [maximum includes](../../administration/settings/continuous_integration.md#maximum-includes) value. diff --git a/doc/ci/yaml/index.md b/doc/ci/yaml/index.md index c261c7d05d1..f946a7fd7a9 100644 --- a/doc/ci/yaml/index.md +++ b/doc/ci/yaml/index.md @@ -163,7 +163,7 @@ The time limit to resolve all files is 30 seconds. pipeline run, the new pipeline uses the changed configuration. - You can have up to 150 includes per pipeline by default, including [nested](includes.md#use-nested-includes). Additionally: - In [GitLab 16.0 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/207270) self-managed users can - change the [maximum includes](../../user/admin_area/settings/continuous_integration.md#maximum-includes) value. + change the [maximum includes](../../administration/settings/continuous_integration.md#maximum-includes) value. - In [GitLab 15.10 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/367150) you can have up to 150 includes. In nested includes, the same file can be included multiple times, but duplicated includes count towards the limit. @@ -353,7 +353,7 @@ The order of the items in `stages` defines the execution order for jobs: If a pipeline contains only jobs in the `.pre` or `.post` stages, it does not run. There must be at least one other job in a different stage. `.pre` and `.post` stages -can be used in [required pipeline configuration](../../user/admin_area/settings/continuous_integration.md#required-pipeline-configuration) +can be used in [required pipeline configuration](../../administration/settings/continuous_integration.md#required-pipeline-configuration) to define compliance jobs that must run before or after project pipeline jobs. **Keyword type**: Global keyword. @@ -843,7 +843,7 @@ they expire and are deleted. The `expire_in` setting does not affect: - Artifacts from the latest job, unless keeping the latest job artifacts is disabled [at the project level](../jobs/job_artifacts.md#keep-artifacts-from-most-recent-successful-jobs). - or [instance-wide](../../user/admin_area/settings/continuous_integration.md#keep-the-latest-artifacts-for-all-jobs-in-the-latest-successful-pipelines). + or [instance-wide](../../administration/settings/continuous_integration.md#keep-the-latest-artifacts-for-all-jobs-in-the-latest-successful-pipelines). After their expiry, artifacts are deleted hourly by default (using a cron job), and are not accessible anymore. @@ -875,7 +875,7 @@ job: **Additional details**: - The expiration time period begins when the artifact is uploaded and stored on GitLab. - If the expiry time is not defined, it defaults to the [instance wide setting](../../user/admin_area/settings/continuous_integration.md#default-artifacts-expiration). + If the expiry time is not defined, it defaults to the [instance wide setting](../../administration/settings/continuous_integration.md#default-artifacts-expiration). - To override the expiration date and protect artifacts from being automatically deleted: - Select **Keep** on the job page. - [In GitLab 13.3 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/22761), set the value of diff --git a/doc/development/fips_compliance.md b/doc/development/fips_compliance.md index a1d98795b7c..bab4d7705f9 100644 --- a/doc/development/fips_compliance.md +++ b/doc/development/fips_compliance.md @@ -60,6 +60,7 @@ listed here that also do not work properly in FIPS mode: - [Code Quality](../ci/testing/code_quality.md) does not support operating in FIPS-compliant mode. - [Dependency scanning](../user/application_security/dependency_scanning/index.md) support for Gradle. - [Dynamic Application Security Testing (DAST)](../user/application_security/dast/proxy-based.md) supports a reduced set of analyzers. The proxy-based analyzer is not available in FIPS mode today, however browser-based DAST, DAST API, and DAST API Fuzzing images are available. +- [License compliance](../user/compliance/license_compliance/index.md). - [Solutions for vulnerabilities](../user/application_security/vulnerabilities/index.md#resolve-a-vulnerability) for yarn projects. - [Static Application Security Testing (SAST)](../user/application_security/sast/index.md) diff --git a/doc/development/go_guide/index.md b/doc/development/go_guide/index.md index 7648e84f5e8..e51542649bb 100644 --- a/doc/development/go_guide/index.md +++ b/doc/development/go_guide/index.md @@ -146,7 +146,8 @@ Go GitLab linter plugins are maintained in the [`gitlab-org/language-tools/go/li Dependencies should be kept to the minimum. The introduction of a new dependency should be argued in the merge request, as per our [Approval Guidelines](../code_review.md#approval-guidelines). -[Dependency Scanning](../../user/application_security/dependency_scanning/index.md) +Both [License Scanning](../../user/compliance/license_compliance/index.md) +and [Dependency Scanning](../../user/application_security/dependency_scanning/index.md) should be activated on all projects to ensure new dependencies security status and license compatibility. diff --git a/doc/development/internal_analytics/service_ping/troubleshooting.md b/doc/development/internal_analytics/service_ping/troubleshooting.md index 4cbcefaefdd..7f7b4099d48 100644 --- a/doc/development/internal_analytics/service_ping/troubleshooting.md +++ b/doc/development/internal_analytics/service_ping/troubleshooting.md @@ -22,7 +22,9 @@ You can use [this query](https://gitlab.com/gitlab-org/gitlab/-/issues/347298#no ### Troubleshoot the GitLab application layer -For results about an investigation conducted into an unexpected drop in Service ping Payload events volume, see [this issue](https://gitlab.com/gitlab-data/analytics/-/issues/11071). +We conducted an investigation into an unexpected drop in Service ping Payload events volume. +GitLab team members can view more information in this confidential issue: +`https://gitlab.com/gitlab-data/analytics/-/issues/11071` ### Troubleshoot VersionApp layer diff --git a/doc/development/internal_analytics/snowplow/troubleshooting.md b/doc/development/internal_analytics/snowplow/troubleshooting.md index e274a4da926..2f59543e0f4 100644 --- a/doc/development/internal_analytics/snowplow/troubleshooting.md +++ b/doc/development/internal_analytics/snowplow/troubleshooting.md @@ -42,7 +42,9 @@ or even a result of a public holiday in some regions of the world with a larger 1. Check (via [Grafana explore tab](https://dashboards.gitlab.net/explore) ) following Prometheus counters `gitlab_snowplow_events_total`, `gitlab_snowplow_failed_events_total` and `gitlab_snowplow_successful_events_total` to see how many events were fired correctly from GitLab.com. Example query to use `sum(rate(gitlab_snowplow_successful_events_total{env="gprd"}[5m])) / sum(rate(gitlab_snowplow_events_total{env="gprd"}[5m]))` would chart rate at which number of good events rose in comparison to events sent in total. If number drops from 1 it means that problem might be in communication between GitLab and AWS collectors fleet. 1. Check [logs in Kibana](https://log.gprd.gitlab.net/app/discover#) and filter with `{ "query": { "match_phrase": { "json.message": "failed to be reported to collector at" } } }` if there are some failed events logged -For results about an investigation conducted into an unexpected drop in snowplow events volume, see [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/335206). +We conducted an investigation into an unexpected drop in snowplow events volume. + +GitLab team members can view more information in this confidential issue: `https://gitlab.com/gitlab-org/gitlab/-/issues/335206` ### Troubleshooting AWS layer diff --git a/doc/development/sec/analyzer_development_guide.md b/doc/development/sec/analyzer_development_guide.md index c76b7f5e55f..af8d1758713 100644 --- a/doc/development/sec/analyzer_development_guide.md +++ b/doc/development/sec/analyzer_development_guide.md @@ -342,7 +342,7 @@ This issue will guide you through the whole release process. In general, you hav - Check the list of supported technologies in GitLab documentation. - [Supported languages in SAST](../../user/application_security/sast/index.md#supported-languages-and-frameworks) - [Supported languages in DS](../../user/application_security/dependency_scanning/index.md#supported-languages-and-package-managers) - - [Supported languages in LS](../../user/compliance/license_scanning_of_cyclonedx_files/index.md#supported-languages-and-package-managers) + - [Supported languages in LM](../../user/compliance/license_compliance/index.md#supported-languages-and-package-managers) - Check that CI **_job definitions are still accurate_** in vendored CI/CD templates and **_all of the ENV vars are propagated_** to the Docker containers upon `docker run` per tool. diff --git a/doc/install/openshift_and_gitlab/index.md b/doc/install/openshift_and_gitlab/index.md index 0889645f811..4f3df3ecff8 100644 --- a/doc/install/openshift_and_gitlab/index.md +++ b/doc/install/openshift_and_gitlab/index.md @@ -31,7 +31,7 @@ The GitLab Operator does not include the GitLab Runner. To install and manage a ### Secure -- [License Scanning](../../user/compliance/license_scanning_of_cyclonedx_files/index.md) is supported on OpenShift. +- [License Compliance via the `License-Scanning.gitlab-ci.yml` CI/CD template](../../user/compliance/license_compliance/index.md). [License scanning of CycloneDX files](../../user/compliance/license_scanning_of_cyclonedx_files/index.md) is supported on OpenShift. - [Code Quality scanning](../../ci/testing/code_quality.md) - [Operational Container Scanning](../../user/clusters/agent/vulnerabilities.md) (Note: Pipeline [Container Scanning](../../user/application_security/container_scanning/index.md) is supported) diff --git a/doc/raketasks/index.md b/doc/raketasks/index.md index 18035748d0c..e998c97a4d7 100644 --- a/doc/raketasks/index.md +++ b/doc/raketasks/index.md @@ -37,7 +37,7 @@ The following Rake tasks are available for use with GitLab: | [Sidekiq job migration](../administration/sidekiq/sidekiq_job_migration.md) | Migrate Sidekiq jobs scheduled for future dates to a new queue. | | [Service Desk email](../administration/raketasks/service_desk_email.md) | Service Desk email-related tasks. | | [SMTP maintenance](../administration/raketasks/smtp.md) | SMTP-related tasks. | -| [SPDX license list import](spdx.md) | Import a local copy of the [SPDX license list](https://spdx.org/licenses/) for matching [License Approval policies](../user/compliance/license_approval_policies.md). | +| [SPDX license list import](spdx.md) | Import a local copy of the [SPDX license list](https://spdx.org/licenses/) for matching [License Compliance policies](../user/compliance/license_compliance/index.md). | | [Repository storage](../administration/raketasks/storage.md) | List and migrate existing projects and attachments from legacy storage to hashed storage. | | [Reset user passwords](../security/reset_user_password.md#use-a-rake-task) | Reset user passwords using Rake. | | [Uploads migrate](../administration/raketasks/uploads/migrate.md) | Migrate uploads between local storage and object storage. | diff --git a/doc/raketasks/spdx.md b/doc/raketasks/spdx.md index 423bd909982..608139fa404 100644 --- a/doc/raketasks/spdx.md +++ b/doc/raketasks/spdx.md @@ -7,7 +7,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w # SPDX license list import Rake task **(ULTIMATE SELF)** GitLab provides a Rake task for uploading a fresh copy of the [SPDX license list](https://spdx.org/licenses/) -to a GitLab instance. This list is needed for matching the names of [License approval policies](../user/compliance/license_approval_policies.md). +to a GitLab instance. This list is needed for matching the names of [License Compliance policies](../user/compliance/license_compliance/index.md). To import a fresh copy of the PDX license list, run: diff --git a/doc/security/webhooks.md b/doc/security/webhooks.md index 13b34d28614..78c32341bf6 100644 --- a/doc/security/webhooks.md +++ b/doc/security/webhooks.md @@ -155,7 +155,7 @@ Most GitLab instances have their `public_runner_releases_url` set to `https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab-runner/releases`, which can prevent you from [filtering requests](#filter-requests). -To resolve this issue, [configure GitLab to no longer fetch runner release version data from GitLab.com](../user/admin_area/settings/continuous_integration.md#disable-runner-version-management). +To resolve this issue, [configure GitLab to no longer fetch runner release version data from GitLab.com](../administration/settings/continuous_integration.md#disable-runner-version-management). ### GitLab subscription management is blocked diff --git a/doc/topics/autodevops/cloud_deployments/auto_devops_with_eks.md b/doc/topics/autodevops/cloud_deployments/auto_devops_with_eks.md index a09de9b33c2..b85b99d1874 100644 --- a/doc/topics/autodevops/cloud_deployments/auto_devops_with_eks.md +++ b/doc/topics/autodevops/cloud_deployments/auto_devops_with_eks.md @@ -180,7 +180,7 @@ The jobs are separated into stages: - The `secret-detection` job checks for leaked secrets and is allowed to fail ([Auto Secret Detection](../stages.md#auto-secret-detection)) - The `license_scanning` job searches the application's dependencies to determine each of their licenses and is allowed to fail - ([Auto License Scanning](../stages.md#auto-license-scanning)) + ([Auto License Compliance](../stages.md#auto-license-compliance)) - **Review** - Pipelines on the default branch include this stage with a `dast_environment_deploy` job. To learn more, see [Dynamic Application Security Testing (DAST)](../../../user/application_security/dast/index.md). diff --git a/doc/topics/autodevops/cloud_deployments/auto_devops_with_gke.md b/doc/topics/autodevops/cloud_deployments/auto_devops_with_gke.md index a615d4c5050..f6a6c16e010 100644 --- a/doc/topics/autodevops/cloud_deployments/auto_devops_with_gke.md +++ b/doc/topics/autodevops/cloud_deployments/auto_devops_with_gke.md @@ -184,7 +184,7 @@ The jobs are separated into stages: - The `secret-detection` job checks for leaked secrets and is allowed to fail ([Auto Secret Detection](../stages.md#auto-secret-detection)) - The `license_scanning` job searches the application's dependencies to determine each of their licenses and is allowed to fail - ([Auto License Scanning](../stages.md#auto-license-scanning)) + ([Auto License Compliance](../stages.md#auto-license-compliance)) - **Review** - Pipelines on the default branch include this stage with a `dast_environment_deploy` job. For more information, see [Dynamic Application Security Testing (DAST)](../../../user/application_security/dast/index.md). diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md index df06d96bdc5..d5ebd4e9fcb 100644 --- a/doc/topics/autodevops/index.md +++ b/doc/topics/autodevops/index.md @@ -37,7 +37,7 @@ Auto DevOps supports development during each of the [DevOps stages](stages.md). | Test | [Auto Code Intelligence](stages.md#auto-code-intelligence) | | Test | [Auto Code Quality](stages.md#auto-code-quality) | | Test | [Auto Container Scanning](stages.md#auto-container-scanning) | -| Test | [Auto License Scanning](stages.md#auto-license-scanning) | +| Test | [Auto License Compliance](stages.md#auto-license-compliance) | | Deploy | [Auto Review Apps](stages.md#auto-review-apps) | | Deploy | [Auto Deploy](stages.md#auto-deploy) | | Secure | [Auto Dynamic Application Security Testing (DAST)](stages.md#auto-dast) | @@ -174,7 +174,7 @@ To enable Auto DevOps for your instance: When enabled, Auto DevOps attempts to run pipelines in every project. If the pipeline fails in a particular project, it disables itself. -GitLab administrators can change this in the [Auto DevOps settings](../../user/admin_area/settings/continuous_integration.md#auto-devops). +GitLab administrators can change this in the [Auto DevOps settings](../../administration/settings/continuous_integration.md#auto-devops). If a [CI/CD configuration file](../../ci/yaml/index.md) is present, it remains unchanged and Auto DevOps does not affect it. diff --git a/doc/topics/autodevops/stages.md b/doc/topics/autodevops/stages.md index a9ea7a4208d..6be8a71cdbc 100644 --- a/doc/topics/autodevops/stages.md +++ b/doc/topics/autodevops/stages.md @@ -240,15 +240,20 @@ check out. The merge request widget displays any security warnings detected, For more information, see [Dependency Scanning](../../user/application_security/dependency_scanning/index.md). -## Auto License Scanning **(ULTIMATE)** +## Auto License Compliance **(ULTIMATE)** -License Scanning detects licenses in project dependencies using the -CycloneDX Software Bill of Materials (SBOM) file generated by Dependency -Scanning. License approval policies enforces approved licenses in a project. +> Introduced in GitLab 11.0. + +License Compliance uses the +[License Compliance Docker image](https://gitlab.com/gitlab-org/security-products/analyzers/license-finder) +to search the project dependencies for their license. The Auto License Compliance stage +is skipped on licenses other than [Ultimate](https://about.gitlab.com/pricing/). + +After creating the report, it's uploaded as an artifact which you can later download and +check out. The merge request displays any detected licenses. For more information, see -[License Scanning](../../user/compliance/license_scanning_of_cyclonedx_files/index.md) and -[License Approval Policies](../../user/compliance/license_approval_policies.md). +[License Compliance](../../user/compliance/license_compliance/index.md). ## Auto Container Scanning diff --git a/doc/topics/manage_code.md b/doc/topics/manage_code.md index e37be90c0d6..136e471d14a 100644 --- a/doc/topics/manage_code.md +++ b/doc/topics/manage_code.md @@ -6,5 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w # Manage your code **(FREE)** +Store your source files in a repository, and make changes to them by using merge requests. + - [Repositories](../user/project/repository/index.md) - [Merge requests](../user/project/merge_requests/index.md) diff --git a/doc/user/admin_area/settings/continuous_integration.md b/doc/user/admin_area/settings/continuous_integration.md index dc3df92e598..72cf369146e 100644 --- a/doc/user/admin_area/settings/continuous_integration.md +++ b/doc/user/admin_area/settings/continuous_integration.md @@ -1,429 +1,11 @@ --- -stage: Verify -group: Pipeline Execution -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments -type: reference +redirect_to: '../../../administration/settings/continuous_integration.md' +remove_date: '2023-10-13' --- -# Continuous Integration and Deployment Admin Area settings **(FREE SELF)** +This document was moved to [another location](../../../administration/settings/continuous_integration.md). -The [Admin Area](index.md) has the instance settings for Auto DevOps, runners, and -job artifacts. - -## Auto DevOps - -To enable (or disable) [Auto DevOps](../../../topics/autodevops/index.md) -for all projects: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Check (or uncheck to disable) the box that says **Default to Auto DevOps pipeline for all projects**. -1. Optionally, set up the [Auto DevOps base domain](../../../topics/autodevops/requirements.md#auto-devops-base-domain) - which is used for Auto Deploy and Auto Review Apps. -1. Select **Save changes** for the changes to take effect. - -From now on, every existing project and newly created ones that don't have a -`.gitlab-ci.yml` use the Auto DevOps pipelines. - -If you want to disable it for a specific project, you can do so in -[its settings](../../../topics/autodevops/index.md#enable-or-disable-auto-devops). - -## Enable shared runners for new projects - -You can set all new projects to have the instance's shared runners available by default. - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Expand **Continuous Integration and Deployment**. -1. Select the **Enable shared runners for new projects** checkbox. - -Any time a new project is created, the shared runners are available. - -## Shared runners compute quota - -As an administrator you can set either a global or namespace-specific -limit on the number of [compute minutes](../../../ci/pipelines/cicd_minutes.md) you can use. - -## Enable a project runner for multiple projects - -If you have already registered a [project runner](../../../ci/runners/runners_scope.md#project-runners) -you can assign that runner to other projects. - -To enable a project runner for more than one project: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. From the left sidebar, select **CI/CD > Runners**. -1. Select the runner you want to edit. -1. In the upper-right corner, select **Edit** (**{pencil}**). -1. Under **Restrict projects for this runner**, search for a project. -1. To the left of the project, select **Enable**. -1. Repeat this process for each additional project. - -## Add a message for shared runners - -To display details about the instance's shared runners in all projects' -runner settings: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Expand **Continuous Integration and Deployment**. -1. Enter text, including Markdown if you want, in the **Shared runner details** field. For example: - -  - -To view the rendered details: - -1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project or group. -1. Select **Settings > CI/CD**. -1. Expand **Runners**. - - - -## Maximum artifacts size - -The maximum size of the [job artifacts](../../../administration/job_artifacts.md) -can be set at: - -- The instance level. -- [From GitLab 12.4](https://gitlab.com/gitlab-org/gitlab/-/issues/21688), the project and group level. - -For the setting on GitLab.com, see [Artifacts maximum size](../../gitlab_com/index.md#gitlab-cicd). - -The value is in MB and the default is 100 MB per job. To change it at the: - -- Instance level: - - 1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). - 1. Select **Admin Area**. - 1. On the left sidebar, select **Settings > CI/CD > Continuous Integration and Deployment**. - 1. Change the value of **Maximum artifacts size (MB)**. - 1. Select **Save changes** for the changes to take effect. - -- Group level (this overrides the instance setting): - - 1. Go to the group's **Settings > CI/CD > General Pipelines**. - 1. Change the value of **Maximum artifacts size** (in MB). - 1. Select **Save changes** for the changes to take effect. - -- Project level (this overrides the instance and group settings): - - 1. Go to the project's **Settings > CI/CD > General Pipelines**. - 1. Change the value of **maximum artifacts size** (in MB). - 1. Select **Save changes** for the changes to take effect. - -NOTE: -The setting at all levels is only available to GitLab administrators. - -## Default artifacts expiration - -The default expiration time of the [job artifacts](../../../administration/job_artifacts.md) -can be set in the Admin Area of your GitLab instance. The syntax of duration is -described in [`artifacts:expire_in`](../../../ci/yaml/index.md#artifactsexpire_in) -and the default value is `30 days`. - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Change the value of default expiration time. -1. Select **Save changes** for the changes to take effect. - -This setting is set per job and can be overridden in -[`.gitlab-ci.yml`](../../../ci/yaml/index.md#artifactsexpire_in). -To disable the expiration, set it to `0`. The default unit is in seconds. - -NOTE: -Any changes to this setting applies to new artifacts only. The expiration time is not -be updated for artifacts created before this setting was changed. -The administrator may need to manually search for and expire previously-created -artifacts, as described in the [troubleshooting documentation](../../../administration/job_artifacts.md#delete-job-artifacts-from-jobs-completed-before-a-specific-date). - -## Keep the latest artifacts for all jobs in the latest successful pipelines - -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/50889) in GitLab 13.9. - -When enabled (default), the artifacts of the most recent pipeline for each Git ref -([branches and tags](https://git-scm.com/book/en/v2/Git-Internals-Git-References)) -are locked against deletion and kept regardless of the expiry time. - -When disabled, the latest artifacts for any **new** successful or fixed pipelines -are allowed to expire. - -This setting takes precedence over the [project level setting](../../../ci/jobs/job_artifacts.md#keep-artifacts-from-most-recent-successful-jobs). -If disabled at the instance level, you cannot enable this per-project. - -To disable the setting: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Expand **Continuous Integration and Deployment**. -1. Clear the **Keep the latest artifacts for all jobs in the latest successful pipelines** checkbox. -1. Select **Save changes** - -When you disable the feature, the latest artifacts do not immediately expire. -A new pipeline must run before the latest artifacts can expire and be deleted. - -NOTE: -All application settings have a [customizable cache expiry interval](../../../administration/application_settings_cache.md) which can delay the settings affect. - -## Archive jobs - -Archiving jobs is useful for reducing the CI/CD footprint on the system by removing some -of the capabilities of the jobs (metadata stored in the database needed to run the job), -but persisting the traces and artifacts for auditing purposes. - -To set the duration for which the jobs are considered as old and expired: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Expand the **Continuous Integration and Deployment** section. -1. Set the value of **Archive jobs**. -1. Select **Save changes** for the changes to take effect. - -After that time passes, the jobs are archived in the background and no longer able to be -retried. Make it empty to never expire jobs. It has to be no less than 1 day, -for example: <code>15 days</code>, <code>1 month</code>, <code>2 years</code>. - -For the value set for GitLab.com, see [Scheduled job archiving](../../gitlab_com/index.md#gitlab-cicd). - -## Protect CI/CD variables by default - -To set all new [CI/CD variables](../../../ci/variables/index.md) as -[protected](../../../ci/variables/index.md#protect-a-cicd-variable) by default: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Select **Protect CI/CD variables by default**. - -## Maximum includes - -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/207270) in GitLab 16.0. - -The maximum number of [includes](../../../ci/yaml/includes.md) per pipeline can be set at the instance level. -The default is `150`. - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Change the value of **Maximum includes**. -1. Select **Save changes** for the changes to take effect. - -## Default CI/CD configuration file - -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18073) in GitLab 12.5. - -The default CI/CD configuration file and path for new projects can be set in the Admin Area -of your GitLab instance (`.gitlab-ci.yml` if not set): - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Input the new file and path in the **Default CI/CD configuration file** field. -1. Select **Save changes** for the changes to take effect. - -It is also possible to specify a [custom CI/CD configuration file for a specific project](../../../ci/pipelines/settings.md#specify-a-custom-cicd-configuration-file). - -## Set CI/CD limits - -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/352175) in GitLab 14.10. - -You can configure some [CI/CD limits](../../../administration/instance_limits.md#cicd-limits) -from the Admin Area: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Expand the **Continuous Integration and Deployment** section. -1. In the **CI/CD limits** section, you can set the following limits: - - **Maximum number of jobs in a single pipeline** - - **Total number of jobs in currently active pipelines** - - **Maximum number of active pipelines per project** - - **Maximum number of pipeline subscriptions to and from a project** - - **Maximum number of pipeline schedules** - - **Maximum number of DAG dependencies that a job can have** - - **Maximum number of runners registered per group** - - **Maximum number of runners registered per project** - - **Maximum number of downstream pipelines in a pipeline's hierarchy tree** - -## Enable or disable the pipeline suggestion banner - -By default, a banner displays in merge requests with no pipeline suggesting a -walkthrough on how to add one. - - - -To enable or disable the banner: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Select or clear the **Enable pipeline suggestion banner** checkbox. -1. Select **Save changes**. - -## Required pipeline configuration **(ULTIMATE SELF)** - -> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/352316) from GitLab Premium to GitLab Ultimate in 15.0. -> - [Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/389467) in GitLab 15.9. - -WARNING: -This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/389467) in GitLab 15.9 -and is planned for removal in 17.0. Use [compliance pipelines](../../group/compliance_frameworks.md#compliance-pipelines) -instead. This change is a breaking change. - -You can set a [CI/CD template](../../../ci/examples/index.md#cicd-templates) -as a required pipeline configuration for all projects on a GitLab instance. You can -use a template from: - -- The default CI/CD templates. -- A custom template stored in an [instance template repository](instance_template_repository.md). - - NOTE: - When you use a configuration defined in an instance template repository, - nested [`include:`](../../../ci/yaml/index.md#include) keywords - (including `include:file`, `include:local`, `include:remote`, and `include:template`) - [do not work](https://gitlab.com/gitlab-org/gitlab/-/issues/35345). - -The project CI/CD configuration merges into the required pipeline configuration when -a pipeline runs. The merged configuration is the same as if the required pipeline configuration -added the project configuration with the [`include` keyword](../../../ci/yaml/index.md#include). -To view a project's full merged configuration, [View full configuration](../../../ci/pipeline_editor/index.md#view-full-configuration) -in the pipeline editor. - -To select a CI/CD template for the required pipeline configuration: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Expand the **Required pipeline configuration** section. -1. Select a CI/CD template from the dropdown list. -1. Select **Save changes**. - -## Package Registry configuration - -### Maven Forwarding **(PREMIUM SELF)** - -GitLab administrators can disable the forwarding of Maven requests to [Maven Central](https://search.maven.org/). - -To disable forwarding Maven requests: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Expand the **Package Registry** section. -1. Clear the checkbox **Forward Maven package requests to the Maven Registry if the packages are not found in the GitLab Package Registry**. -1. Select **Save changes**. - -### npm Forwarding **(PREMIUM SELF)** - -GitLab administrators can disable the forwarding of npm requests to [npmjs.com](https://www.npmjs.com/). - -To disable it: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Expand the **Package Registry** section. -1. Clear the checkbox **Forward npm package requests to the npm Registry if the packages are not found in the GitLab Package Registry**. -1. Select **Save changes**. - -### PyPI Forwarding **(PREMIUM SELF)** - -GitLab administrators can disable the forwarding of PyPI requests to [pypi.org](https://pypi.org/). - -To disable it: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Expand the **Package Registry** section. -1. Clear the checkbox **Forward PyPI package requests to the PyPI Registry if the packages are not found in the GitLab Package Registry**. -1. Select **Save changes**. - -### Package file size limits - -GitLab administrators can adjust the maximum allowed file size for each package type. - -To set the maximum file size: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Expand the **Package Registry** section. -1. Find the package type you would like to adjust. -1. Enter the maximum file size, in bytes. -1. Select **Save size limits**. - -## Restrict runner registration by all users in an instance - -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/22225) in GitLab 14.1. -> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/368008) in GitLab 15.5. - -GitLab administrators can adjust who is allowed to register runners, by showing and hiding areas of the UI. - -When the registration sections are hidden in the UI, members of the project or group must contact administrators to enable runner registration in the group or project. If you plan to prevent registration, ensure users have access to the runners they need to run jobs. - -By default, all members of a project and group are able to register runners. - -To restrict all users in an instance from registering runners: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Expand **Runners**. -1. In the **Runner registration** section, clear the **Members of the project can register runners** and - **Members of the group can register runners** checkboxes to remove runner registration from the UI. -1. Select **Save changes**. - -NOTE: -After you disable runner registration by members of a project, the registration -token automatically rotates. The token is no longer valid and you must -use the new registration token for the project. - -## Restrict runner registration by all members in a group - -Prerequisites: - -- Runner registration must be enabled for [all users in the instance](#restrict-runner-registration-by-all-users-in-an-instance). - -GitLab administrators can adjust group permissions to restrict runner registration by group members. - -To restrict runner registration by members in a specific group: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Overview > Groups** and find your group. -1. Select **Edit**. -1. Clear the **New group runners can be registered** checkbox if you want to disable runner registration by all members in the group. If the setting is read-only, you must enable runner registration for the [instance](#restrict-runner-registration-by-all-users-in-an-instance). -1. Select **Save changes**. - -## Disable runner version management - -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114041) in GitLab 15.10. - -By default, GitLab instances periodically fetch official runner version data from GitLab.com to [determine whether the runners need upgrades](../../../ci/runners/runners_scope.md#determine-which-runners-need-to-be-upgraded). - -To disable your instance fetching this data: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > CI/CD**. -1. Expand **Runners**. -1. In the **Runner version management** section, clear the **Fetch GitLab Runner release version data from GitLab.com** checkbox. -1. Select **Save changes**. - -## Troubleshooting - -### 413 Request Entity Too Large - -When build jobs fail with the following error, -increase the [maximum artifacts size](#maximum-artifacts-size). - -```plaintext -Uploading artifacts as "archive" to coordinator... too large archive <job-id> responseStatus=413 Request Entity Too Large status=413" at end of a build job on pipeline when trying to store artifacts to <object-storage>. -``` +<!-- This redirect file can be deleted after <2023-10-13>. --> +<!-- Redirects that point to other docs in the same project expire in three months. --> +<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. --> +<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html --> diff --git a/doc/user/admin_area/settings/email.md b/doc/user/admin_area/settings/email.md index 4cdbdc8cfe4..f90aa7cc865 100644 --- a/doc/user/admin_area/settings/email.md +++ b/doc/user/admin_area/settings/email.md @@ -1,125 +1,11 @@ --- -type: reference -stage: Plan -group: Project Management -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +redirect_to: '../../../administration/settings/email.md' +remove_date: '2023-10-14' --- -# Email **(FREE SELF)** +This document was moved to [another location](../../../administration/settings/email.md). -You can customize some of the content in emails sent from your GitLab instance. - -## Custom logo - -The logo in the header of some emails can be customized, see the [logo customization section](../../../administration/appearance.md#navigation-bar). - -## Include author name in email notification email body **(PREMIUM SELF)** - -By default, GitLab overrides the email address in notification emails with the email address -of the issue, merge request, or comment author. Enable this setting to include the author's email -address in the body of the email instead. - -To include the author's email address in the email body: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > Preferences**. -1. Expand **Email**. -1. Select the **Include author name in email notification email body** checkbox. -1. Select **Save changes**. - -## Enable multipart email **(PREMIUM SELF)** - -GitLab can send email in multipart format (HTML and plain text) or plain text only. - -To enable multipart email: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > Preferences**. -1. Expand **Email**. -1. Select **Enable multipart email**. -1. Select **Save changes**. - -## Custom hostname for private commit emails **(PREMIUM SELF)** - -> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/22560) in GitLab 11.5. - -This configuration option sets the email hostname for [private commit emails](../../profile/index.md#use-an-automatically-generated-private-commit-email). - By default it is set to `users.noreply.YOUR_CONFIGURED_HOSTNAME`. - -To change the hostname used in private commit emails: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > Preferences**. -1. Expand **Email**. -1. Enter the desired hostname in the **Custom hostname (for private commit emails)** field. -1. Select **Save changes**. - -NOTE: -After the hostname is configured, every private commit email using the previous hostname is not -recognized by GitLab. This can directly conflict with certain [Push rules](../../project/repository/push_rules.md) such as -`Check whether author is a GitLab user` and `Check whether committer is the current authenticated user`. - -## Custom additional text **(PREMIUM SELF)** - -You can add additional text at the bottom of any email that GitLab sends. This additional text -can be used for legal, auditing, or compliance reasons, for example. - -To add additional text to emails: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > Preferences**. -1. Expand **Email**. -1. Enter your text in the **Additional text** field. -1. Select **Save changes**. - -## User deactivation emails - -GitLab sends email notifications to users when their account has been deactivated. - -To disable these notifications: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > Preferences**. -1. Expand **Email**. -1. Clear the **Enable user deactivation emails** checkbox. -1. Select **Save changes**. - -### Custom additional text in deactivation emails **(FREE SELF)** - -> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/355964) in GitLab 15.9 [with a flag](../../../administration/feature_flags.md) named `deactivation_email_additional_text`. Disabled by default. -> - [Enabled on self-managed and GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/111882) in GitLab 15.9. - -FLAG: -On self-managed GitLab, by default this feature is available. To hide the feature, ask an -administrator to [disable the feature flag](../../../administration/feature_flags.md) named -`deactivation_email_additional_text`. - -You can add additional text at the bottom of the email that GitLab sends to users when their account -is deactivated. This email text is separate from the [custom additional text](#custom-additional-text) -setting. - -To add additional text to deactivation emails: - -1. On the left sidebar, expand the top-most chevron (**{chevron-down}**). -1. Select **Admin Area**. -1. Select **Settings > Preferences**. -1. Expand **Email**. -1. Enter your text in the **Additional text for deactivation email** field. -1. Select **Save changes**. - -<!-- ## Troubleshooting - -Include any troubleshooting steps that you can foresee. If you know beforehand what issues -one might have when setting this up, or when something is changed, or on upgrading, it's -important to describe those, too. Think of things that may go wrong and include them here. -This is important to minimize requests for support, and to avoid doc comments with -questions that you know someone might ask. - -Each scenario can be a third-level heading, for example `### Getting error message X`. -If you have none to add when creating a doc, leave this section in place -but commented out to help encourage others to add to it in the future. --> +<!-- This redirect file can be deleted after <2023-10-14>. --> +<!-- Redirects that point to other docs in the same project expire in three months. --> +<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. --> +<!-- Before deletion, see: https://docs.gitlab.com/ee/development/documentation/redirects.html --> diff --git a/doc/user/admin_area/settings/img/continuous_integration_shared_runner_details_input_v14_10.png b/doc/user/admin_area/settings/img/continuous_integration_shared_runner_details_input_v14_10.png Binary files differdeleted file mode 100644 index 08451f36962..00000000000 --- a/doc/user/admin_area/settings/img/continuous_integration_shared_runner_details_input_v14_10.png +++ /dev/null diff --git a/doc/user/admin_area/settings/img/continuous_integration_shared_runner_details_v14_10.png b/doc/user/admin_area/settings/img/continuous_integration_shared_runner_details_v14_10.png Binary files differdeleted file mode 100644 index 64bd9cf6911..00000000000 --- a/doc/user/admin_area/settings/img/continuous_integration_shared_runner_details_v14_10.png +++ /dev/null diff --git a/doc/user/admin_area/settings/img/suggest_pipeline_banner_v14_5.png b/doc/user/admin_area/settings/img/suggest_pipeline_banner_v14_5.png Binary files differdeleted file mode 100644 index 0d9bfa4a173..00000000000 --- a/doc/user/admin_area/settings/img/suggest_pipeline_banner_v14_5.png +++ /dev/null diff --git a/doc/user/application_security/configuration/index.md b/doc/user/application_security/configuration/index.md index bce8a3ce53b..bbb7bf2f625 100644 --- a/doc/user/application_security/configuration/index.md +++ b/doc/user/application_security/configuration/index.md @@ -77,8 +77,8 @@ You can configure the following security controls: You can configure the following security controls: -- [License Scanning](../../../user/compliance/license_scanning_of_cyclonedx_files/index.md) - - Can be configured with `.gitlab-ci.yml`. For more details, read [License Scanning](../../../user/compliance/license_scanning_of_cyclonedx_files/index.md#enable-license-scanning). +- [License Compliance](../../../user/compliance/license_compliance/index.md) + - Can be configured with `.gitlab-ci.yml`. For more details, read [License Compliance](../../../user/compliance/license_compliance/index.md#enable-license-compliance). - [Security Training](../../../user/application_security/vulnerabilities/index.md#enable-security-training-for-vulnerabilities) - Enable **Security training** for the current project. For more details, read [security training](../../../user/application_security/vulnerabilities/index.md#enable-security-training-for-vulnerabilities). diff --git a/doc/user/application_security/dependency_list/index.md b/doc/user/application_security/dependency_list/index.md index e5ca4de9478..a1535b52c56 100644 --- a/doc/user/application_security/dependency_list/index.md +++ b/doc/user/application_security/dependency_list/index.md @@ -78,8 +78,8 @@ Dependency paths are supported for the following package managers: > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10536) in GitLab 12.3. -If the [Dependency Scanning](../../application_security/dependency_scanning/index.md) CI job is configured, -[discovered licenses](../../compliance/license_scanning_of_cyclonedx_files/index.md#enable-license-scanning) are displayed on this page. +If the [License Compliance](../../compliance/license_compliance/index.md) CI job is configured, +[discovered licenses](../../compliance/license_compliance/index.md#supported-languages-and-package-managers) are displayed on this page. ## Downloading the dependency list diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md index f606e9d19fe..56a79191833 100644 --- a/doc/user/application_security/index.md +++ b/doc/user/application_security/index.md @@ -124,7 +124,7 @@ To enable all GitLab Security scanning tools, with default settings, enable - [Auto Secret Detection](../../topics/autodevops/stages.md#auto-secret-detection) - [Auto DAST](../../topics/autodevops/stages.md#auto-dast) - [Auto Dependency Scanning](../../topics/autodevops/stages.md#auto-dependency-scanning) -- [Auto License Scanning](../../topics/autodevops/stages.md#auto-license-scanning) +- [Auto License Compliance](../../topics/autodevops/stages.md#auto-license-compliance) - [Auto Container Scanning](../../topics/autodevops/stages.md#auto-container-scanning) While you cannot directly customize Auto DevOps, you can [include the Auto DevOps template in your project's `.gitlab-ci.yml` file](../../topics/autodevops/customize.md#customize-gitlab-ciyml). @@ -417,6 +417,7 @@ For more information about overriding security jobs, see: - [Overriding Container Scanning jobs](container_scanning/index.md#overriding-the-container-scanning-template). - [Overriding Secret Detection jobs](secret_detection/index.md#configure-scan-settings). - [Overriding DAST jobs](dast/proxy-based.md#customize-dast-settings). +- [Overriding License Compliance jobs](../compliance/license_compliance/index.md#overriding-the-template). All the security scanning tools define their stage, so this error can occur with all of them. diff --git a/doc/user/application_security/offline_deployments/index.md b/doc/user/application_security/offline_deployments/index.md index 1c5df259a32..63f3763cab9 100644 --- a/doc/user/application_security/offline_deployments/index.md +++ b/doc/user/application_security/offline_deployments/index.md @@ -93,7 +93,7 @@ above. You can find more information at each of the pages below: - [Secret Detection offline directions](../secret_detection/index.md#running-secret-detection-in-an-offline-environment) - [DAST offline directions](../dast/run_dast_offline.md#run-dast-in-an-offline-environment) - [API Fuzzing offline directions](../api_fuzzing/index.md#running-api-fuzzing-in-an-offline-environment) -- [License Scanning offline directions](../../compliance/license_scanning_of_cyclonedx_files/index.md#running-in-an-offline-environment) +- [License Compliance offline directions](../../compliance/license_compliance/index.md#running-license-compliance-in-an-offline-environment) - [Dependency Scanning offline directions](../dependency_scanning/index.md#running-dependency-scanning-in-an-offline-environment) ## Loading Docker images onto your offline host diff --git a/doc/user/compliance/license_compliance/index.md b/doc/user/compliance/license_compliance/index.md index 702f634ddc8..238cf10cba9 100644 --- a/doc/user/compliance/license_compliance/index.md +++ b/doc/user/compliance/license_compliance/index.md @@ -3,13 +3,845 @@ type: reference, howto stage: Secure group: Composition Analysis info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments -remove_date: '2023-10-12' -redirect_to: '../license_approval_policies.md' --- +# License Compliance (deprecated) **(ULTIMATE)** -# License Compliance (removed) **(ULTIMATE)** +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5483) in GitLab 11.0. +> - [Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387561) in GitLab 15.9. -This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387561) in GitLab 15.9. -and [removed](https://gitlab.com/groups/gitlab-org/-/epics/8093) in GitLab 16.0. -Use [License Approval Policies](https://gitlab.com/groups/gitlab-org/-/epics/8092) instead. +WARNING: +This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/387561) in GitLab 15.9. You should instead migrate to use [License approval policies](../license_approval_policies.md) and the [new method of license scanning](../license_scanning_of_cyclonedx_files/index.md) prior to GitLab 16.1. + +If you're using [GitLab CI/CD](../../../ci/index.md), you can use License Compliance to search your +project's dependencies for their licenses. You can then decide whether to allow or deny the use of +each license. For example, if your application uses an external (open source) library whose license +is incompatible with yours, then you can deny the use of that license. + +To detect the licenses in use, License Compliance uses the [License Finder](https://github.com/pivotal/LicenseFinder) scan tool that runs as part of the CI/CD pipeline. The License Compliance job is not dependent on any other job in +a pipeline. + +For the job to activate, License Finder needs to find a compatible package definition in the project directory. For details, see the [Activation on License Finder documentation](https://github.com/pivotal/LicenseFinder#activation). +GitLab checks the License Compliance report, compares the +licenses between the source and target branches, and shows the information right on the merge +request. Denied licenses are indicated by a `x` red icon next to them as well as new licenses that +need a decision from you. In addition, you can [manually allow or deny](../license_approval_policies.md) licenses in your +project's security policies section. If a denied license is detected in a new commit, +GitLab blocks any merge requests containing that commit and instructs the developer to remove the +license. + +NOTE: +Starting with GitLab 15.9, License Compliance can detect the licenses in use +[using Dependency Scanning CI jobs](../license_scanning_of_cyclonedx_files/index.md) +instead of the License Scanning ones. + +NOTE: +If the license compliance report doesn't have anything to compare to, no information +is displayed in the merge request area. That is the case when you add the +`license_scanning` job in your `.gitlab-ci.yml` for the first time. +Consecutive merge requests have something to compare to and the license +compliance report is shown properly. + +The results are saved as a +[License Compliance report artifact](../../../ci/yaml/artifacts_reports.md#artifactsreportslicense_scanning) +that you can later download and analyze. + +WARNING: +License Compliance Scanning does not support run-time installation of compilers and interpreters. + +## Enable License Compliance + +To enable License Compliance in your project's pipeline, either: + +- Enable [Auto License Compliance](../../../topics/autodevops/stages.md#auto-license-compliance) + (provided by [Auto DevOps](../../../topics/autodevops/index.md)). +- Include the [`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml) in your `.gitlab-ci.yml` file. + +License Compliance is not supported when GitLab is run with FIPS mode enabled. + +### Include the License Scanning template + +Prerequisites: + +- [GitLab Runner](../../../ci/runners/index.md) available, with the + [`docker` executor](https://docs.gitlab.com/runner/executors/docker.html). If you're using the + shared runners on GitLab.com, this is enabled by default. +- License Scanning runs in the `test` stage, which is available by default. If you redefine the stages in the + `.gitlab-ci.yml` file, the `test` stage is required. +- [FIPS mode](../../../development/fips_compliance.md#enable-fips-mode) must be disabled. + +To [include](../../../ci/yaml/index.md#includetemplate) the +[`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml), add it to your `.gitlab-ci.yml` file: + +```yaml +include: + - template: Security/License-Scanning.gitlab-ci.yml +``` + +The included template creates a `license_scanning` job in your CI/CD pipeline and scans your +dependencies to find their licenses. + +## License expressions + +GitLab has limited support for [composite licenses](https://spdx.github.io/spdx-spec/v2-draft/SPDX-license-expressions/). +License compliance can read multiple licenses, but always considers them combined using the `AND` operator. For example, +if a dependency has two licenses, and one of them is allowed and the other is denied by the project [license approval policy](../license_approval_policies.md), +GitLab evaluates the composite license as _denied_, as this is the safer option. +The ability to support other license expression operators (like `OR`, `WITH`) is tracked +in [this epic](https://gitlab.com/groups/gitlab-org/-/epics/6571). + +## Supported languages and package managers + +The following languages and package managers are supported. + +Gradle 1.x projects are not supported. The minimum supported version of Maven is 3.2.5. + +| Language | Package managers | Notes | +|------------|----------------------------------------------------------------------------------------------|-------| +| JavaScript | [Bower](https://bower.io/), [npm](https://www.npmjs.com/) (7 and earlier) | | +| Go | [Godep](https://github.com/tools/godep) ([deprecated](../../../update/deprecations.md#godep-support-in-license-compliance)), [go mod](https://github.com/golang/go/wiki/Modules) | | +| Java | [Gradle](https://gradle.org/), [Maven](https://maven.apache.org/) | | +| .NET | [NuGet](https://www.nuget.org/) | The .NET Framework is supported via the [mono project](https://www.mono-project.com/). There are, however, some limitations. The scanner doesn't support Windows-specific dependencies and doesn't report dependencies of your project's listed dependencies. Also, the scanner always marks detected licenses for all dependencies as `unknown`. | +| Python | [pip](https://pip.pypa.io/en/stable/) | Python is supported through [requirements.txt](https://pip.pypa.io/en/stable/user_guide/#requirements-files) and [Pipfile.lock](https://github.com/pypa/pipfile#pipfilelock). | +| Ruby | [gem](https://rubygems.org/) | | + +### Experimental support + +The following languages and package managers are [supported experimentally](https://github.com/pivotal/LicenseFinder#experimental-project-types). +The reported licenses might be incomplete or inaccurate. + +| Language | Package managers | +|------------|---------------------------------------------------------------------------------------------------------------| +| JavaScript | [Yarn](https://yarnpkg.com/) | +| Go | `go get`, `gvt`, `glide`, `dep`, `trash`, `govendor` | +| Erlang | [Rebar](https://rebar3.org/) | +| Objective-C, Swift | [Carthage](https://github.com/Carthage/Carthage), [CocoaPods](https://cocoapods.org/) v0.39 and below | +| Elixir | [Mix](https://elixir-lang.org/getting-started/mix-otp/introduction-to-mix.html) | +| C++/C | [Conan](https://conan.io/) | +| Rust | [Cargo](https://crates.io/) | +| PHP | [Composer](https://getcomposer.org/) | + +## Available CI/CD variables + +License Compliance can be configured using CI/CD variables. + +| CI/CD variable | Required | Description | +|-----------------------------|----------|-------------| +| `ADDITIONAL_CA_CERT_BUNDLE` | no | Bundle of trusted CA certificates (currently supported in Pip, Pipenv, Maven, Gradle, Yarn, and npm projects). | +| `ASDF_JAVA_VERSION` | no | Version of Java to use for the scan. | +| `ASDF_NODEJS_VERSION` | no | Version of Node.js to use for the scan. | +| `ASDF_PYTHON_VERSION` | no | Version of Python to use for the scan. [Configuration](#selecting-the-version-of-python) | +| `ASDF_RUBY_VERSION` | no | Version of Ruby to use for the scan. | +| `GRADLE_CLI_OPTS` | no | Additional arguments for the Gradle executable. If not supplied, defaults to `--exclude-task=test`. | +| `LICENSE_FINDER_CLI_OPTS` | no | Additional arguments for the `license_finder` executable. For example, if you have multiple projects in nested directories, you can update your `.gitlab-ci.yml` template to specify a recursive scan, like `LICENSE_FINDER_CLI_OPTS: '--recursive'`. | +| `LM_JAVA_VERSION` | no | Version of Java. If set to `11`, Maven and Gradle use Java 11 instead of Java 8. [Configuration](#selecting-the-version-of-java) | +| `LM_PYTHON_VERSION` | no | Version of Python. If set to `3`, dependencies are installed using Python 3 instead of Python 2.7. [Configuration](#selecting-the-version-of-python) | +| `MAVEN_CLI_OPTS` | no | Additional arguments for the `mvn` executable. If not supplied, defaults to `-DskipTests`. | +| `PIP_INDEX_URL` | no | Base URL of Python Package Index (default: `https://pypi.org/simple/`). | +| `SECURE_ANALYZERS_PREFIX` | no | Set the Docker registry base address to download the analyzer from. | +| `SETUP_CMD` | no | Custom setup for the dependency installation (experimental). | + +## Installing custom dependencies + +> Introduced in GitLab 11.4. + +The `license_finder` image already embeds many auto-detection scripts, languages, +and packages. Nevertheless, it's almost impossible to cover all cases for all projects. +That's why sometimes it's necessary to install extra packages, or to have extra steps +in the project automated setup, like the download and installation of a certificate. +For that, a `SETUP_CMD` CI/CD variable can be passed to the container, +with the required commands to run before the license detection. + +If present, this variable overrides the setup step necessary to install all the packages +of your application (for example: for a project with a `Gemfile`, the setup step could be +`bundle install`). + +For example: + +```yaml +include: + - template: Security/License-Scanning.gitlab-ci.yml + +variables: + SETUP_CMD: sh my-custom-install-script.sh +``` + +In this example, `my-custom-install-script.sh` is a shell script at the root +directory of your project. + +## Working with Monorepos + +Depending on your language, you may need to specify the path to the individual +projects of a monorepo using the `LICENSE_FINDER_CLI_OPTS` variable. Passing in +the project paths can significantly speed up builds over using the `--recursive` +License Finder option. + +```yaml +include: + - template: Security/License-Scanning.gitlab-ci.yml + +variables: + LICENSE_FINDER_CLI_OPTS: "--aggregate_paths=relative-path/to/sub-project/one relative-path/to/sub-project/two" +``` + +## Overriding the template + +WARNING: +Beginning in GitLab 13.0, the use of [`only` and `except`](../../../ci/yaml/index.md#only--except) +is no longer supported. When overriding the template, you must use [`rules`](../../../ci/yaml/index.md#rules) instead. + +If you want to override the job definition (for example, change properties like +`variables` or `dependencies`), you need to declare a `license_scanning` job +after the template inclusion and specify any additional keys under it. For example: + +```yaml +include: + - template: Security/License-Scanning.gitlab-ci.yml + +license_scanning: + variables: + CI_DEBUG_TRACE: "true" +``` + +## Configuring Maven projects + +The License Compliance tool provides a `MAVEN_CLI_OPTS` CI/CD variable which can hold +the command line arguments to pass to the `mvn install` command which is executed under the hood. +Feel free to use it for the customization of Maven execution. For example: + +```yaml +include: + - template: Security/License-Scanning.gitlab-ci.yml + +license_scanning: + variables: + MAVEN_CLI_OPTS: --debug +``` + +`mvn install` runs through all of the [build life cycle](https://maven.apache.org/guides/introduction/introduction-to-the-lifecycle.html) +stages prior to `install`, including `test`. Running unit tests is not directly +necessary for the license scanning purposes and consumes time, so it's skipped +by having the default value of `MAVEN_CLI_OPTS` as `-DskipTests`. If you want +to supply custom `MAVEN_CLI_OPTS` and skip tests at the same time, don't forget +to explicitly add `-DskipTests` to your options. +If you still need to run tests during `mvn install`, add `-DskipTests=false` to +`MAVEN_CLI_OPTS`. + +### Using private Maven repositories + +If you have a private Maven repository which requires login credentials, +you can use the `MAVEN_CLI_OPTS` CI/CD variable. + +Read more on [how to use private Maven repositories](../../application_security/index.md#using-private-maven-repositories). + +You can also use `MAVEN_CLI_OPTS` to connect to a trusted Maven repository that uses a self-signed +or internally trusted certificate. For example: + +```yaml +include: + - template: Security/License-Scanning.gitlab-ci.yml + +license_scanning: + variables: + MAVEN_CLI_OPTS: -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true -Dmaven.wagon.http.ssl.insecure=true +``` + +Alternatively, you can use a Java key store to verify the TLS connection. For instructions on how to +generate a key store file, see the +[Maven Guide to Remote repository access through authenticated HTTPS](https://maven.apache.org/guides/mini/guide-repository-ssl.html). + +## Selecting the version of Java + +License Compliance uses Java 8 by default. You can specify a different Java version using `LM_JAVA_VERSION`. + +`LM_JAVA_VERSION` only accepts versions: 8, 11, 14, 15. + +## Selecting the version of Python + +> - [Introduced](https://gitlab.com/gitlab-org/security-products/license-management/-/merge_requests/36) in GitLab 12.0. +> - In [GitLab 12.2](https://gitlab.com/gitlab-org/gitlab/-/issues/12032), Python 3.5 became the default. +> - In [GitLab 12.7](https://gitlab.com/gitlab-org/security-products/license-management/-/merge_requests/101), Python 3.8 became the default. + +License Compliance uses Python 3.8 and pip 19.1 by default. +If your project requires Python 2, you can switch to Python 2.7 and pip 10.0 +by setting the `LM_PYTHON_VERSION` CI/CD variable to `2`. + +```yaml +include: + - template: Security/License-Scanning.gitlab-ci.yml + +license_scanning: + variables: + LM_PYTHON_VERSION: 2 +``` + +`LM_PYTHON_VERSION` or `ASDF_PYTHON_VERSION` can be used to specify the desired version of Python. When both variables are specified `LM_PYTHON_VERSION` takes precedence. + +## Custom root certificates for Python + +You can supply a custom root certificate to complete TLS verification by using the +`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables). + +### Using private Python repositories + +If you have a private Python repository you can use the `PIP_INDEX_URL` [CI/CD variable](#available-cicd-variables) +to specify its location. + +## Configuring npm projects + +You can configure npm projects by using an [`.npmrc`](https://docs.npmjs.com/configuring-npm/npmrc.html/) +file. + +### Using private npm registries + +If you have a private npm registry you can use the +[`registry`](https://docs.npmjs.com/using-npm/config/#registry) +setting to specify its location. + +For example: + +```plaintext +registry = https://npm.example.com +``` + +### Custom root certificates for npm + +You can supply a custom root certificate to complete TLS verification by using the +`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables). + +To disable TLS verification you can provide the [`strict-ssl`](https://docs.npmjs.com/using-npm/config/#strict-ssl) +setting. + +For example: + +```plaintext +strict-ssl = false +``` + +## Configuring Yarn projects + +You can configure Yarn projects by using a [`.yarnrc.yml`](https://yarnpkg.com/configuration/yarnrc/) +file. + +### Using private Yarn registries + +If you have a private Yarn registry you can use the +[`npmRegistryServer`](https://yarnpkg.com/configuration/yarnrc/#npmRegistryServer) +setting to specify its location. + +For example: + +```plaintext +npmRegistryServer: "https://npm.example.com" +``` + +### Custom root certificates for Yarn + +You can supply a custom root certificate to complete TLS verification by using the +`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables). + +## Configuring Bower projects + +You can configure Bower projects by using a [`.bowerrc`](https://bower.io/docs/config/#bowerrc-specification) +file. + +### Using private Bower registries + +If you have a private Bower registry you can use the +[`registry`](https://bower.io/docs/config/#bowerrc-specification) +setting to specify its location. + +For example: + +```plaintext +{ + "registry": "https://registry.bower.io" +} +``` + +### Custom root certificates for Bower + +You can supply a custom root certificate to complete TLS verification by using the +`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables), or by +specifying a `ca` setting in a [`.bowerrc`](https://bower.io/docs/config/#bowerrc-specification) +file. + +## Configuring Bundler projects + +### Using private Bundler registries + +If you have a private Bundler registry you can use the +[`source`](https://bundler.io/man/gemfile.5.html#GLOBAL-SOURCES) +setting to specify its location. + +For example: + +```plaintext +source "https://gems.example.com" +``` + +### Custom root certificates for Bundler + +You can supply a custom root certificate to complete TLS verification by using the +`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables), or by +specifying a [`BUNDLE_SSL_CA_CERT`](https://bundler.io/v2.0/man/bundle-config.1.html) +[variable](../../../ci/variables/index.md#define-a-cicd-variable-in-the-gitlab-ciyml-file) +in the job definition. + +## Configuring Cargo projects + +### Using private Cargo registries + +If you have a private Cargo registry you can use the +[`registries`](https://doc.rust-lang.org/cargo/reference/registries.html) +setting to specify its location. + +For example: + +```toml +[registries] +my-registry = { index = "https://my-intranet:8080/git/index" } +``` + +### Custom root certificates for Cargo + +To supply a custom root certificate to complete TLS verification, do one of the following: + +- Use the `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables). +- Specify a [`CARGO_HTTP_CAINFO`](https://doc.rust-lang.org/cargo/reference/environment-variables.html) + [variable](../../../ci/variables/index.md#define-a-cicd-variable-in-the-gitlab-ciyml-file) + in the job definition. + +## Configuring Composer projects + +### Using private Composer registries + +If you have a private Composer registry you can use the +[`repositories`](https://getcomposer.org/doc/05-repositories.md) +setting to specify its location. + +For example: + +```json +{ + "repositories": [ + { "packagist.org": false }, + { + "type": "composer", + "url": "https://composer.example.com" + } + ], + "require": { + "monolog/monolog": "1.0.*" + } +} +``` + +### Custom root certificates for Composer + +You can supply a custom root certificate to complete TLS verification by using the +`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables), or by +specifying a [`COMPOSER_CAFILE`](https://getcomposer.org/doc/03-cli.md#composer-cafile) +[variable](../../../ci/variables/index.md#define-a-cicd-variable-in-the-gitlab-ciyml-file) +in the job definition. + +## Configuring Conan projects + +You can configure [Conan](https://conan.io/) projects by adding a `.conan` directory to your +project root. The project root serves as the [`CONAN_USER_HOME`](https://docs.conan.io/en/latest/reference/env_vars.html#conan-user-home). + +Consult the [Conan](https://docs.conan.io/en/latest/reference/config_files/conan.conf.html#conan-conf) +documentation for a list of settings that you can apply. + +The `license_scanning` job runs in a [Debian 10](https://www.debian.org/releases/buster/) Docker +image. The supplied image ships with some build tools such as [CMake](https://cmake.org/) and [GCC](https://gcc.gnu.org/). +However, not all project types are supported by default. To install additional tools needed to +compile dependencies, use a [`before_script`](../../../ci/yaml/index.md#before_script) +to install the necessary build tools using the [`apt`](https://wiki.debian.org/PackageManagementTools) +package manager. For a comprehensive list, consult [the Conan documentation](https://docs.conan.io/en/latest/introduction.html#all-platforms-all-build-systems-and-compilers). + +The default [Conan](https://conan.io/) configuration sets [`CONAN_LOGIN_USERNAME`](https://docs.conan.io/en/latest/reference/env_vars.html#conan-login-username-conan-login-username-remote-name) +to `ci_user`, and binds [`CONAN_PASSWORD`](https://docs.conan.io/en/latest/reference/env_vars.html#conan-password-conan-password-remote-name) +to the [`CI_JOB_TOKEN`](../../../ci/variables/predefined_variables.md) +for the running job. This allows Conan projects to fetch packages from a [GitLab Conan Repository](../../packages/conan_repository/index.md#fetch-conan-package-information-from-the-package-registry) +if a GitLab remote is specified in the `.conan/remotes.json` file. + +To override the default credentials specify a [`CONAN_LOGIN_USERNAME_{REMOTE_NAME}`](https://docs.conan.io/en/latest/reference/env_vars.html#conan-login-username-conan-login-username-remote-name) +matching the name of the remote specified in the `.conan/remotes.json` file. + +NOTE: +[MSBuild](https://github.com/mono/msbuild#microsoftbuild-msbuild) projects aren't supported. The +`license_scanning` image ships with [Mono](https://www.mono-project.com/) and [MSBuild](https://github.com/mono/msbuild#microsoftbuild-msbuild). +Additional setup may be required to build packages for this project configuration. + +### Using private Conan registries + +By default, [Conan](https://conan.io/) uses the `conan-center` remote. For example: + +```json +{ + "remotes": [ + { + "name": "conan-center", + "url": "https://conan.bintray.com", + "verify_ssl": true + } + ] +} +``` + +To fetch dependencies from an alternate remote, specify that remote in a `.conan/remotes.json`. For +example: + +```json +{ + "remotes": [ + { + "name": "gitlab", + "url": "https://gitlab.com/api/v4/packages/conan", + "verify_ssl": true + } + ] +} +``` + +If credentials are required to authenticate then you can configure a [protected CI/CD variable](../../../ci/variables/index.md#protect-a-cicd-variable) +following the naming convention described in the [`CONAN_LOGIN_USERNAME` documentation](https://docs.conan.io/en/latest/reference/env_vars.html#conan-login-username-conan-login-username-remote-name). + +### Custom root certificates for Conan + +You can provide custom certificates by adding a `.conan/cacert.pem` file to the project root and +setting [`CA_CERT_PATH`](https://docs.conan.io/en/latest/reference/env_vars.html#conan-cacert-path) +to `.conan/cacert.pem`. + +If you specify the `ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables), this +variable's X.509 certificates are installed in the Docker image's default trust store and Conan is +configured to use this as the default `CA_CERT_PATH`. + +## Configuring Go projects + +To configure [Go modules](https://github.com/golang/go/wiki/Modules) +based projects, specify [CI/CD variables](https://pkg.go.dev/cmd/go#hdr-Environment_variables) +in the `license_scanning` job's [variables](#available-cicd-variables) section in `.gitlab-ci.yml`. + +If a project has [vendored](https://pkg.go.dev/cmd/go#hdr-Vendor_Directories) its modules, +then the combination of the `vendor` directory and `mod.sum` file are used to detect the software +licenses associated with the Go module dependencies. + +### Using private Go registries + +You can use the [`GOPRIVATE`](https://pkg.go.dev/cmd/go#hdr-Environment_variables) +and [`GOPROXY`](https://pkg.go.dev/cmd/go#hdr-Environment_variables) +environment variables to control where modules are sourced from. Alternatively, you can use +[`go mod vendor`](https://go.dev/ref/mod#tmp_28) to vendor a project's modules. + +### Custom root certificates for Go + +You can specify the [`-insecure`](https://pkg.go.dev/cmd/go/internal/get) flag by exporting the +[`GOFLAGS`](https://pkg.go.dev/cmd/go#hdr-Environment_variables) +environment variable. For example: + +```yaml +include: + - template: Security/License-Scanning.gitlab-ci.yml + +license_scanning: + variables: + GOFLAGS: '-insecure' +``` + +### Using private NuGet registries + +If you have a private NuGet registry you can add it as a source +by adding it to the [`packageSources`](https://learn.microsoft.com/en-us/nuget/reference/nuget-config-file#package-source-sections) +section of a [`nuget.config`](https://learn.microsoft.com/en-us/nuget/reference/nuget-config-file) file. + +For example: + +```xml +<?xml version="1.0" encoding="utf-8"?> +<configuration> + <packageSources> + <clear /> + <add key="custom" value="https://nuget.example.com/v3/index.json" /> + </packageSources> +</configuration> +``` + +### Custom root certificates for NuGet + +You can supply a custom root certificate to complete TLS verification by using the +`ADDITIONAL_CA_CERT_BUNDLE` [CI/CD variable](#available-cicd-variables). + +### Migration from `license_management` to `license_scanning` + +WARNING: +The `license_management` job was deprecated in GitLab 12.8. The `License-Management.gitlab-ci.yml` template was removed from GitLab 14.0. + +In GitLab 12.8 a new name for `license_management` job was introduced. This change was made to improve clarity around the purpose of the scan, which is to scan and collect the types of licenses present in a projects dependencies. +GitLab 13.0 drops support for `license_management`. +If you're using a custom setup for License Compliance, you're required +to update your CI configuration accordingly: + +1. Change the CI template to `License-Scanning.gitlab-ci.yml`. +1. Change the job name to `license_scanning` (if you mention it in `.gitlab-ci.yml`). +1. Change the artifact name to `license_scanning`, and the filename to `gl-license-scanning-report.json` (if you mention it in `.gitlab-ci.yml`). + +For example, the following `.gitlab-ci.yml`: + +```yaml +include: + - template: License-Management.gitlab-ci.yml + +license_management: + artifacts: + reports: + license_management: gl-license-management-report.json +``` + +Should be changed to: + +```yaml +include: + - template: Security/License-Scanning.gitlab-ci.yml + +license_scanning: + artifacts: + reports: + license_scanning: gl-license-scanning-report.json +``` + +If you use the `license_management` artifact in GitLab 13.0 or later, the License Compliance job generates this error: + +```plaintext +WARNING: Uploading artifacts to coordinator... failed id=:id responseStatus=400 Bad Request status=400 Bad Request token=:sha + +FATAL: invalid_argument +``` + +If you encounter this error, follow the instructions described in this section. + +## Running License Compliance in an offline environment + +For self-managed GitLab instances in an environment with limited, restricted, or intermittent access +to external resources through the internet, some adjustments are required for the License Compliance job to +successfully run. For more information, see [Offline environments](../../application_security/offline_deployments/index.md). + +### Requirements for offline License Compliance + +To use License Compliance in an offline environment, you need: + +- To meet the standard [License Compliance prerequisites](#include-the-license-scanning-template). +- Docker Container Registry with locally available copies of License Compliance [analyzer](https://gitlab.com/gitlab-org/security-products/analyzers) images. + +NOTE: +GitLab Runner has a [default `pull policy` of `always`](https://docs.gitlab.com/runner/executors/docker.html#using-the-always-pull-policy), +meaning the runner tries to pull Docker images from the GitLab container registry even if a local +copy is available. The GitLab Runner [`pull_policy` can be set to `if-not-present`](https://docs.gitlab.com/runner/executors/docker.html#using-the-if-not-present-pull-policy) +in an offline environment if you prefer using only locally available Docker images. However, we +recommend keeping the pull policy setting to `always` if not in an offline environment, as this +enables the use of updated scanners in your CI/CD pipelines. + +### Make GitLab License Compliance analyzer images available inside your Docker registry + +For License Compliance with all [supported languages and package managers](#supported-languages-and-package-managers), +import the following default License Compliance analyzer images from `registry.gitlab.com` to your +offline [local Docker container registry](../../packages/container_registry/index.md): + +```plaintext +registry.gitlab.com/security-products/license-finder:latest +``` + +The process for importing Docker images into a local offline Docker registry depends on +**your network security policy**. Consult your IT staff to find an accepted and approved +process by which external resources can be imported or temporarily accessed. These scanners are [updated periodically](../../application_security/index.md#vulnerability-scanner-maintenance) +with new definitions, so consider if you are able to make periodic updates yourself. + +For details on saving and transporting Docker images as a file, see the Docker documentation on +[`docker save`](https://docs.docker.com/engine/reference/commandline/save/), [`docker load`](https://docs.docker.com/engine/reference/commandline/load/), +[`docker export`](https://docs.docker.com/engine/reference/commandline/export/), and [`docker import`](https://docs.docker.com/engine/reference/commandline/import/). + +### Set License Compliance CI/CD variables to use local License Compliance analyzers + +Add the following configuration to your `.gitlab-ci.yml` file. You must replace `image` to refer to +the License Compliance Docker image hosted on your local Docker container registry: + +```yaml +include: + - template: Security/License-Scanning.gitlab-ci.yml + +license_scanning: + image: + name: localhost:5000/analyzers/license-management:latest +``` + +The License Compliance job should now use local copies of the License Compliance analyzers to scan +your code and generate security reports, without requiring internet access. + +Additional configuration may be needed for connecting to private registries for: + +- [Bower](#using-private-bower-registries), +- [Bundler](#using-private-bundler-registries), +- [Conan](#using-private-bower-registries), +- [Go](#using-private-go-registries), +- [Maven repositories](#using-private-maven-repositories), +- [npm](#using-private-npm-registries), +- [Python repositories](#using-private-python-repositories), +- [Yarn](#using-private-yarn-registries). + +### SPDX license list name matching + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/212388) in GitLab 13.3. + +Prior to GitLab 13.3, offline environments required an exact name match for [project policies](../license_approval_policies.md). +In GitLab 13.3 and later, GitLab matches the name of [project policies](../license_approval_policies.md) +with license names from the [SPDX license list](https://spdx.org/licenses/). +A local copy of the SPDX license list is distributed with the GitLab instance. If needed, the GitLab +instance's administrator can manually update it with a [Rake task](../../../raketasks/spdx.md). + +## Warnings + +We recommend that you use the most recent version of all containers, and the most recent supported version of all package managers and languages. Using previous versions carries an increased security risk because unsupported versions may no longer benefit from active security reporting and backporting of security fixes. + +## Troubleshooting + +### `ASDF_PYTHON_VERSION` does not automatically install the version + +Defining a non-latest Python version in `ASDF_PYTHON_VERSION` [doesn't have it automatically installed](https://gitlab.com/gitlab-org/gitlab/-/issues/325604). If your project requires a non-latest version of Python: + +1. Define the required version by setting the `ASDF_PYTHON_VERSION` CI/CD variable. +1. Pass a custom script to the `SETUP_CMD` CI/CD variable to install the required version and dependencies. + +For example: + +```yaml +include: + - template: Security/License-Scanning.gitlab-ci.yml + +license_scanning: + SETUP_CMD: ./setup.sh + ASDF_PYTHON_VERSION: "3.7.2" + before_script: + - echo "asdf install python 3.7.2 && pip install -r requirements.txt" > setup.sh + - chmod +x setup.sh + - apt-get -y update + - apt-get -y install build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev xz-utils tk-dev libffi-dev liblzma-dev python-openssl git +``` + +### `ERROR -- : asdf: No preset version installed for command` + +This error occurs when the version of the tools used by your project +do not match the version of the pre-installed tools available in the +`license_scanning` Docker image. The `license_scanning` job uses +[asdf-vm](https://asdf-vm.com/) to activate the appropriate version of +a tool that your project relies on. For example, if your project relies on a specific +version of [Node.js](https://nodejs.org/) or any other supported tool you can +specify the desired version by adding a +[`.tool-versions`](https://asdf-vm.com/#/core-configuration?id=tool-versions) file to the project +or using the appropriate [`ASDF_<tool>_VERSION`](https://asdf-vm.com/#/core-configuration?id=environment-variables) environment variable to +activate the appropriate version. + +For example, the following `.tool-versions` file activates version `12.16.3` of [Node.js](https://nodejs.org/) +and version `2.7.4` of [Ruby](https://www.ruby-lang.org/). + +```plaintext +nodejs 12.16.3 +ruby 2.7.4 +``` + +The next example shows how to activate the same versions of the tools mentioned above by using CI/CD variables defined in your +project's `.gitlab-ci.yml` file. + +```yaml +include: + - template: Security/License-Scanning.gitlab-ci.yml + +license_scanning: + variables: + ASDF_NODEJS_VERSION: '12.16.3' + ASDF_RUBY_VERSION: '2.7.4' +``` + +A full list of variables can be found in [CI/CD variables](#available-cicd-variables). + +To find out what tools are pre-installed in the `license_scanning` Docker image use the following command: + +```shell +$ docker run --entrypoint='' -ti --rm registry.gitlab.com/security-products/license-finder:4 \ + /bin/bash -c 'dpkg -i /opt/toolcache/*.deb && asdf list' +... +dotnet-core + 3.1.302 +elixir + 1.10.4 +golang + 1.15.5 + 1.16.2 +gradle +No versions installed +java + 11 + 14 + 15 + 8 +maven +No versions installed +nodejs + 10.21.0 + 12.18.2 + 14.17.1 +php + 7.4.8 +python + 2.7.18 + 3.3.7 + 3.4.10 + 3.5.9 + 3.6.11 + 3.7.7 + 3.8.5 +ruby + 2.4.10 + 2.4.5 + 2.4.9 + 2.5.8 + 2.6.0 + 2.6.1 + 2.6.2 + 2.6.3 + 2.6.4 + 2.6.5 + 2.6.6 + 2.7.0 + 2.7.1 + 2.7.2 +rust + 1.45.0 +``` + +It might take more than 10 minutes to run the command above. +This is because it installs every single tool version available in the Docker image. + +To interact with the `license_scanning` runtime environment use the following command: + +```shell +$ docker run -it --entrypoint='' registry.gitlab.com/security-products/license-finder:4 /bin/bash -l +root@6abb70e9f193:~# +``` + +NOTE: +Selecting a custom version of [Mono](https://www.mono-project.com/) or [.NET Core](https://dotnet.microsoft.com/download/dotnet) is currently not supported. + +### LicenseFinder::Maven: is not installed error + +If your project contains a `mvnw` or `mvnw.cmd` file, then the license scanning job may fail with the `LicenseFinder::Maven: is not installed error` error. To resolve this, modify the license scanning job to remove the files in the `before_script` section. Example: + +```yaml +include: + - template: License-Scanning.gitlab-ci.yml + +license_scanning: + before_script: + - rm mvnw + - rm mvnw.cmd +``` diff --git a/doc/user/compliance/license_list.md b/doc/user/compliance/license_list.md index 1105d22ecce..deec4e28911 100644 --- a/doc/user/compliance/license_list.md +++ b/doc/user/compliance/license_list.md @@ -16,13 +16,13 @@ For the licenses to appear under the license list, the following requirements must be met: 1. You must be generating an SBOM file with components from one of our [one of our supported languages](license_scanning_of_cyclonedx_files/index.md#supported-languages-and-package-managers). -1. If using our [`Dependency-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml) to generate the SBOM file, then your project must use at least one of the [supported languages and package managers](license_scanning_of_cyclonedx_files/index.md#supported-languages-and-package-managers). +1. If using our [`Dependency-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml) to generate the SBOM file, then your project must use at least one of the [supported languages and package managers](license_compliance/index.md#supported-languages-and-package-managers). Alternatively, licenses will also appear under the license list when using our deprecated [`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml) as long as the following requirements are met: -1. The Dependency Scanning CI/CD job must be [enabled](license_scanning_of_cyclonedx_files/index.md#enable-license-scanning) for your project. +1. The License Compliance CI/CD job must be [enabled](license_compliance/index.md#enable-license-compliance) for your project. 1. Your project must use at least one of the - [supported languages and package managers](license_scanning_of_cyclonedx_files/index.md#supported-languages-and-package-managers). + [supported languages and package managers](license_compliance/index.md#supported-languages-and-package-managers). When everything is configured, on the left sidebar, select **Secure > License compliance**. diff --git a/doc/user/gitlab_com/index.md b/doc/user/gitlab_com/index.md index 504e59dd97f..7e21516eef2 100644 --- a/doc/user/gitlab_com/index.md +++ b/doc/user/gitlab_com/index.md @@ -164,8 +164,8 @@ the related documentation. | Setting | GitLab.com | Default (self-managed) | |----------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|------------------------| -| Artifacts maximum size (compressed) | 1 GB | See [Maximum artifacts size](../../user/admin_area/settings/continuous_integration.md#maximum-artifacts-size). | -| Artifacts [expiry time](../../ci/yaml/index.md#artifactsexpire_in) | From June 22, 2020, deleted after 30 days unless otherwise specified (artifacts created before that date have no expiry). | See [Default artifacts expiration](../admin_area/settings/continuous_integration.md#default-artifacts-expiration). | +| Artifacts maximum size (compressed) | 1 GB | See [Maximum artifacts size](../../administration/settings/continuous_integration.md#maximum-artifacts-size). | +| Artifacts [expiry time](../../ci/yaml/index.md#artifactsexpire_in) | From June 22, 2020, deleted after 30 days unless otherwise specified (artifacts created before that date have no expiry). | See [Default artifacts expiration](../../administration/settings/continuous_integration.md#default-artifacts-expiration). | | Scheduled Pipeline Cron | `*/5 * * * *` | See [Pipeline schedules advanced configuration](../../administration/cicd.md#change-maximum-scheduled-pipeline-frequency). | | Maximum jobs in active pipelines | `500` for Free tier, `1000` for all trial tiers, `20000` for Premium, and `100000` for Ultimate. | See [Number of jobs in active pipelines](../../administration/instance_limits.md#number-of-jobs-in-active-pipelines). | | Maximum CI/CD subscriptions to a project | `2` | See [Number of CI/CD subscriptions to a project](../../administration/instance_limits.md#number-of-cicd-subscriptions-to-a-project). | diff --git a/doc/user/img/rich_text_editor_01_v16_2.png b/doc/user/img/rich_text_editor_01_v16_2.png Binary files differnew file mode 100644 index 00000000000..7242f7169d5 --- /dev/null +++ b/doc/user/img/rich_text_editor_01_v16_2.png diff --git a/doc/user/img/rich_text_editor_02_v16_2.png b/doc/user/img/rich_text_editor_02_v16_2.png Binary files differnew file mode 100644 index 00000000000..b99f540cb60 --- /dev/null +++ b/doc/user/img/rich_text_editor_02_v16_2.png diff --git a/doc/user/img/rich_text_editor_03_v16_2.png b/doc/user/img/rich_text_editor_03_v16_2.png Binary files differnew file mode 100644 index 00000000000..5ee560fe79e --- /dev/null +++ b/doc/user/img/rich_text_editor_03_v16_2.png diff --git a/doc/user/img/rich_text_editor_04_v16_2.png b/doc/user/img/rich_text_editor_04_v16_2.png Binary files differnew file mode 100644 index 00000000000..70f89754f92 --- /dev/null +++ b/doc/user/img/rich_text_editor_04_v16_2.png diff --git a/doc/user/packages/package_registry/supported_functionality.md b/doc/user/packages/package_registry/supported_functionality.md index ca174c43565..d2ee5645fc1 100644 --- a/doc/user/packages/package_registry/supported_functionality.md +++ b/doc/user/packages/package_registry/supported_functionality.md @@ -57,12 +57,12 @@ Requests for packages not found in your GitLab project are forwarded to the publ | Package type | Supports request forwarding | |-------------------------------------------------------|-----------------------------| -| [Maven (with `mvn`)](../maven_repository/index.md) | [Yes (disabled by default)](../../admin_area/settings/continuous_integration.md#maven-forwarding) | -| [Maven (with `gradle`)](../maven_repository/index.md) | [Yes (disabled by default)](../../admin_area/settings/continuous_integration.md#maven-forwarding) | -| [Maven (with `sbt`)](../maven_repository/index.md) | [Yes (disabled by default)](../../admin_area/settings/continuous_integration.md#maven-forwarding) | -| [npm](../npm_registry/index.md) | [Yes](../../admin_area/settings/continuous_integration.md#npm-forwarding) | +| [Maven (with `mvn`)](../maven_repository/index.md) | [Yes (disabled by default)](../../../administration/settings/continuous_integration.md#maven-forwarding) | +| [Maven (with `gradle`)](../maven_repository/index.md) | [Yes (disabled by default)](../../../administration/settings/continuous_integration.md#maven-forwarding) | +| [Maven (with `sbt`)](../maven_repository/index.md) | [Yes (disabled by default)](../../../administration/settings/continuous_integration.md#maven-forwarding) | +| [npm](../npm_registry/index.md) | [Yes](../../../administration/settings/continuous_integration.md#npm-forwarding) | | [NuGet](../nuget_repository/index.md) | N | -| [PyPI](../pypi_repository/index.md) | [Yes](../../admin_area/settings/continuous_integration.md#pypi-forwarding) | +| [PyPI](../pypi_repository/index.md) | [Yes](../../../administration/settings/continuous_integration.md#pypi-forwarding) | | [Generic packages](../generic_packages/index.md) | N | | [Terraform](../terraform_module_registry/index.md) | N | | [Composer](../composer_repository/index.md) | N | @@ -86,7 +86,7 @@ To reduce the associated security risks, before deleting a package you can: - Verify the package is not being actively used. - Disable request forwarding: - - Instance administrators can disable forwarding in the [**Continuous Integration** section](../../admin_area/settings/continuous_integration.md#package-registry-configuration) of the Admin Area. + - Instance administrators can disable forwarding in the [**Continuous Integration** section](../../../administration/settings/continuous_integration.md#package-registry-configuration) of the Admin Area. - Group owners can disable forwarding in the **Packages and Registries** section of the group settings. ## Allow or prevent duplicates **(FREE)** diff --git a/doc/user/permissions.md b/doc/user/permissions.md index 728f9d3eff8..cf859174c10 100644 --- a/doc/user/permissions.md +++ b/doc/user/permissions.md @@ -116,10 +116,10 @@ The following table lists project permissions available for each role: | [Issues](project/issues/index.md):<br>Archive [Design Management](project/issues/design_management.md) files | | | ✓ | ✓ | ✓ | | [Issues](project/issues/index.md):<br>Upload [Design Management](project/issues/design_management.md) files | | | ✓ | ✓ | ✓ | | [Issues](project/issues/index.md):<br>Delete | | | | | ✓ | -| [License Scanning](compliance/license_scanning_of_cyclonedx_files/index.md):<br>View allowed and denied licenses | ✓ (1) | ✓ | ✓ | ✓ | ✓ | -| [License Scanning](compliance/license_scanning_of_cyclonedx_files/index.md):<br>View License Compliance reports | ✓ (1) | ✓ | ✓ | ✓ | ✓ | -| [License Scanning](compliance/license_scanning_of_cyclonedx_files/index.md):<br>View License list | | ✓ | ✓ | ✓ | ✓ | -| [License approval policies](../user/compliance/license_approval_policies.md):<br>Manage license policy | | | | ✓ | ✓ | +| [License Compliance](compliance/license_compliance/index.md):<br>View allowed and denied licenses | ✓ (1) | ✓ | ✓ | ✓ | ✓ | +| [License Compliance](compliance/license_compliance/index.md):<br>View License Compliance reports | ✓ (1) | ✓ | ✓ | ✓ | ✓ | +| [License Compliance](compliance/license_compliance/index.md):<br>View License list | | ✓ | ✓ | ✓ | ✓ | +| [License Compliance](compliance/license_compliance/index.md):<br>Manage license policy | | | | ✓ | ✓ | | [Merge requests](project/merge_requests/index.md):<br>Assign reviewer | | ✓ | ✓ | ✓ | ✓ | | [Merge requests](project/merge_requests/index.md):<br>See list | | ✓ | ✓ | ✓ | ✓ | | [Merge requests](project/merge_requests/index.md):<br>Apply code change suggestions | | | ✓ | ✓ | ✓ | diff --git a/doc/user/project/merge_requests/index.md b/doc/user/project/merge_requests/index.md index 5f371470f23..6b93955c43a 100644 --- a/doc/user/project/merge_requests/index.md +++ b/doc/user/project/merge_requests/index.md @@ -284,7 +284,7 @@ For a software developer working in a team: 1. You gather feedback from your team. 1. You work on the implementation optimizing code with [Code Quality reports](../../../ci/testing/code_quality.md). 1. You verify your changes with [Unit test reports](../../../ci/testing/unit_test_reports.md) in GitLab CI/CD. -1. You avoid using dependencies whose license is not compatible with your project with [License approval policies](../../../user/compliance/license_approval_policies.md). +1. You avoid using dependencies whose license is not compatible with your project with [License Compliance reports](../../compliance/license_compliance/index.md). 1. You request the [approval](approvals/index.md) from your manager. 1. Your manager: 1. Pushes a commit with their final review. diff --git a/doc/user/project/ml/experiment_tracking/index.md b/doc/user/project/ml/experiment_tracking/index.md index 7fda6ef03a0..936a89260d8 100644 --- a/doc/user/project/ml/experiment_tracking/index.md +++ b/doc/user/project/ml/experiment_tracking/index.md @@ -14,6 +14,12 @@ On GitLab.com, this feature is enabled on all projects. NOTE: Model experiment tracking is an [experimental feature](../../../../policy/experiment-beta-support.md). Refer to <https://gitlab.com/gitlab-org/gitlab/-/issues/381660> for feedback and feature requests. +ACCESS LEVEL: +Model experiments [visibility level](../../../public_access.md) can be set to public, private or disabled. This options can +be configured under `Settings > General > Visibility, project features, permissions > Model experiments`. Users must have +at least [Reporter role](../../../permissions.md#roles) to modify or delete experiments +and candidate data. + When creating machine learning models, data scientists often experiment with different parameters, configurations, and feature engineering to improve the performance of the model. Keeping track of all this metadata and the associated artifacts so that the data scientist can later replicate the experiment is not trivial. Machine learning experiment @@ -64,10 +70,6 @@ on how to use GitLab as a backend for the MLflow Client. ## Explore model candidates -Prerequisites: - -- You must have at least the Developer role to view experiment data. - To list the current active experiments, either go to `https/-/ml/experiments` or: 1. On the left sidebar, at the top, select **Search GitLab** (**{search}**) to find your project. diff --git a/doc/user/project/service_desk.md b/doc/user/project/service_desk.md index e7df93dbc1c..92f637458d0 100644 --- a/doc/user/project/service_desk.md +++ b/doc/user/project/service_desk.md @@ -142,7 +142,7 @@ Instance administrators can add a header, footer or additional text to the GitLa them to all emails sent from GitLab. If you're using a custom `thank_you.md` or `new_note.md`, to include this content, add `%{SYSTEM_HEADER}`, `%{SYSTEM_FOOTER}`, or `%{ADDITIONAL_TEXT}` to your templates. -For more information, see [System header and footer messages](../../administration/appearance.md#system-header-and-footer-messages) and [custom additional text](../admin_area/settings/email.md#custom-additional-text). +For more information, see [System header and footer messages](../../administration/appearance.md#system-header-and-footer-messages) and [custom additional text](../../administration/settings/email.md#custom-additional-text). ### Use a custom template for Service Desk tickets diff --git a/doc/user/rich_text_editor.md b/doc/user/rich_text_editor.md new file mode 100644 index 00000000000..ea85dfdbcb4 --- /dev/null +++ b/doc/user/rich_text_editor.md @@ -0,0 +1,134 @@ +--- +stage: Plan +group: Knowledge +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +type: index, reference +--- + +# Rich text editor **(FREE)** + +> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5643) for [wikis](project/wiki/index.md#rich-text-editor) in GitLab 14.0. +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/371931) for editing issue descriptions in GitLab 15.5 [with a flag](../administration/feature_flags.md) named `content_editor_on_issues`. Disabled by default. +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/382636) for [discussions](discussions/index.md), and creating and editing issues and merge requests in GitLab 15.11 with the same flag. +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/407507) for epics in GitLab 16.1 with the same flag. +> - Feature flag `content_editor_on_issues` enabled by default in GitLab 16.2. + +FLAG: +On self-managed GitLab, by default this feature is available. To hide the feature, an administrator +can [disable the feature flag](../administration/feature_flags.md) named `content_editor_on_issues`. +On GitLab.com, this feature is available. + +The rich text editor is a "what you see is what you get" (WYSIWYG) editor so you can use +[GitLab Flavored Markdown](markdown.md) in descriptions and comments, even if you can't remember all +of its syntax. + + + +Rich text editor is available in: + +- [Wikis](project/wiki/index.md) +- Issues +- Epics +- Merge requests +- [Designs](project/issues/design_management.md) + +Features of the editor include: + +- Format text, including as bold, italics, block quotes, headings, and inline code. +- Format ordered lists, unordered lists, and checklists. +- Insert links, attachments, images, video, and audio. +- Create and edit a table structure. +- Insert and format code blocks with syntax highlighting. +- Preview Mermaid, PlantUML, and Kroki diagrams in real time. + +To track work on adding the rich text editor to more places across GitLab, see +[epic 7098](https://gitlab.com/groups/gitlab-org/-/epics/7098). + +## Switch to the rich text editor + +Use the rich text editor to edit descriptions, wiki pages, add comments. + +To switch to the rich text editor: In a text box, in the lower-left corner, select +**Switch to rich text editing**. + +## Switch to the plain text editor + +If you want to enter Markdown source in the text box, return to using the plain text editor. + +To switch to the plain text editor: In a text box, in the lower-left corner, select +**Switch to plain text editing**. + +## Compatibility with GitLab Flavored Markdown + +The rich text editor is fully compatible with [GitLab Flavored Markdown](markdown.md). +It means that you can switch between plain text and rich text modes without losing any data. + +### Input rules + +Rich text editor also supports input rules that let you work with rich content as if you were +typing Markdown. + +Supported input rules: + +| Input rule syntax | Content inserted | +| --------------------------------------------------------- | -------------------- | +| `# Heading 1` <br>... <br> `###### Heading 6` | Headings 1 through 6 | +| `**bold**` or `__bold__` | Bold text | +| `_italics_` or `*italics*` | Italicized text | +| `~~strike~~` | Strikethrough | +| `[link](url)` | Hyperlink | +| `code` | Inline code | +| <code>```rb</code> + <kbd>Enter</kbd> <br> <code>```js</code> + <kbd>Enter</kbd> | Code block | +| `* List item`, or<br> `- List item`, or<br> `+ List item` | Unordered list | +| `1. List item` | Numbered list | +| `<details>` | Collapsible section | + +## Tables + +Unlike in raw Markdown, you can use the rich text editor to insert block content paragraphs, +list items, diagrams (or even another table!) in table cells. + +### Insert a table + +To insert a table: + +1. Select **Insert table** **{table}**. +1. From the dropdown list, select the dimensions of the new table. + + + +### Edit a table + +Inside a table cell, you can use a menu to insert or delete rows or columns. + +To open the menu: In the upper-right corner of a cell, select the chevron **{chevron-down}**. + + + +### Operations on multiple cells + +Select multiple cells and merge or split them. + +To merge selected cells into one: + +1. Select multiple cells - select one and drag your cursor. +1. In the upper-right corner of a cell, select the chevron **{chevron-down}** **> Merge N cells**. + +To split merged cells: In the upper-right corner of a cell, select the chevron **{chevron-down}** **> Split cell**. + +## Insert diagrams + +Insert [Mermaid](https://mermaidjs.github.io/) and [PlantUML](https://plantuml.com/) diagrams and +preview them live as you type the diagram code. + +To insert a diagram: + +1. On the top bar of a text box, select **{plus}** **More options** and then **Mermaid diagram** or **PlantUML diagram**. +1. Enter the code for your diagram. The diagram preview appears in the text box. + + + +## Related topics + +- [Keyboard shortcuts](shortcuts.md#rich-text-editor) for rich text editor +- [GitLab Flavored Markdown](markdown.md) diff --git a/lib/api/entities/blob.rb b/lib/api/entities/blob.rb index 12700d99865..b4206679ac9 100644 --- a/lib/api/entities/blob.rb +++ b/lib/api/entities/blob.rb @@ -15,6 +15,13 @@ module API expose :ref expose :startline expose :project_id + expose :group_id, if: ->(object) { object.is_a?(Gitlab::Search::FoundWikiPage) } + + private + + def group_id + object.group&.id + end end end end diff --git a/lib/api/entities/protected_ref_access.rb b/lib/api/entities/protected_ref_access.rb index 28e0ef540d5..3cac91ccddc 100644 --- a/lib/api/entities/protected_ref_access.rb +++ b/lib/api/entities/protected_ref_access.rb @@ -5,12 +5,9 @@ module API class ProtectedRefAccess < Grape::Entity expose :id, documentation: { type: 'integer', example: 1 } expose :access_level, documentation: { type: 'integer', example: 40 } - expose :access_level_description, - documentation: { type: 'string', example: 'Maintainers' } do |protected_ref_access| - protected_ref_access.humanize - end + expose :humanize, as: :access_level_description, documentation: { type: 'string', example: 'Maintainers' } expose :deploy_key_id, documentation: { type: 'integer', example: 1 }, - if: ->(access) { access.has_attribute?(:deploy_key_id) && access.deploy_key_id } + if: ->(access) { access.has_attribute?(:deploy_key_id) } end end end diff --git a/lib/sidebars/groups/super_sidebar_menus/analyze_menu.rb b/lib/sidebars/groups/super_sidebar_menus/analyze_menu.rb index 65393336797..4d76a2567cb 100644 --- a/lib/sidebars/groups/super_sidebar_menus/analyze_menu.rb +++ b/lib/sidebars/groups/super_sidebar_menus/analyze_menu.rb @@ -17,6 +17,7 @@ module Sidebars override :configure_menu_items def configure_menu_items [ + :dashboards_analytics, :cycle_analytics, :ci_cd_analytics, :contribution_analytics, diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 858153947bd..ca22bcb59fb 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -5283,6 +5283,9 @@ msgstr "" msgid "Analytics|Dashboard was saved successfully" msgstr "" +msgid "Analytics|Dashboards are created by editing the groups dashboard files." +msgstr "" + msgid "Analytics|Dashboards are created by editing the projects dashboard files." msgstr "" @@ -41359,6 +41362,9 @@ msgstr "" msgid "SecurityOrchestration|Are you sure you want to delete this policy? This action cannot be undone." msgstr "" +msgid "SecurityOrchestration|Automatically selected runners" +msgstr "" + msgid "SecurityOrchestration|Branch types don't match any existing branches." msgstr "" @@ -41494,6 +41500,11 @@ msgstr "" msgid "SecurityOrchestration|Not enabled" msgstr "" +msgid "SecurityOrchestration|On runners with tag:" +msgid_plural "SecurityOrchestration|On runners with the tags:" +msgstr[0] "" +msgstr[1] "" + msgid "SecurityOrchestration|Only owners can update Security Policy Project" msgstr "" @@ -41542,14 +41553,9 @@ msgstr "" msgid "SecurityOrchestration|Rules" msgstr "" -msgid "SecurityOrchestration|Run %{scannerStart}%{scanner}%{scannerEnd}" +msgid "SecurityOrchestration|Run %{scannerStart}%{scanner}%{scannerEnd} with the following options:" msgstr "" -msgid "SecurityOrchestration|Run %{scannerStart}%{scanner}%{scannerEnd} on runners with tag:" -msgid_plural "SecurityOrchestration|Run %{scannerStart}%{scanner}%{scannerEnd} on runners with the tags:" -msgstr[0] "" -msgstr[1] "" - msgid "SecurityOrchestration|Run a DAST scan with Scan Profile A and Site Profile A when a pipeline run against the main branch." msgstr "" @@ -41703,6 +41709,9 @@ msgstr "" msgid "SecurityOrchestration|When license scanner finds any license %{matching} %{licenses}%{detection} in an open merge request targeting %{branches}." msgstr "" +msgid "SecurityOrchestration|With the following customized CI variables:" +msgstr "" + msgid "SecurityOrchestration|YAML" msgstr "" @@ -49400,9 +49409,6 @@ msgstr "" msgid "UsageQuota|Gitlab-integrated Docker Container Registry for storing Docker Images." msgstr "" -msgid "UsageQuota|Gitlab-integrated Docker Container Registry for storing Docker Images. %{linkStart}More information%{linkEnd}" -msgstr "" - msgid "UsageQuota|Group settings > Usage quotas" msgstr "" @@ -49451,6 +49457,9 @@ msgstr "" msgid "UsageQuota|Pipelines" msgstr "" +msgid "UsageQuota|Precise calculation of Container Registry storage size is delayed because it is too large for synchronous estimation. Precise evaluation will be scheduled within 24 hours." +msgstr "" + msgid "UsageQuota|Project storage included in %{planName} subscription" msgstr "" diff --git a/spec/features/issues/markdown_toolbar_spec.rb b/spec/features/issues/markdown_toolbar_spec.rb index 03c95c275b5..b7a0949edce 100644 --- a/spec/features/issues/markdown_toolbar_spec.rb +++ b/spec/features/issues/markdown_toolbar_spec.rb @@ -35,4 +35,17 @@ RSpec.describe 'Issue markdown toolbar', :js, feature_category: :team_planning d expect(find_field('Comment').value).to eq("test\n_underline_\n") end + + it "makes sure bold works fine after preview" do + fill_in 'Comment', with: "test" + + click_button 'Preview' + click_button 'Continue editing' + + page.evaluate_script('document.getElementById("note-body").setSelectionRange(0, 4)') + + click_button 'Add bold text' + + expect(find_field('Comment').value).to eq("**test**") + end end diff --git a/spec/fixtures/api/schemas/public_api/v4/wiki_blobs.json b/spec/fixtures/api/schemas/public_api/v4/wiki_blobs.json new file mode 100644 index 00000000000..26379c56a46 --- /dev/null +++ b/spec/fixtures/api/schemas/public_api/v4/wiki_blobs.json @@ -0,0 +1,57 @@ +{ + "type": "array", + "items": { + "type": "object", + "properties": { + "basename": { + "type": "string" + }, + "data": { + "type": "string" + }, + "path": { + "type": [ + "string" + ] + }, + "filename": { + "type": [ + "string" + ] + }, + "id": { + "type": [ + "string", + "null" + ] + }, + "project_id": { + "type": [ + "integer", + "null" + ] + }, + "group_id": { + "type": [ + "integer", + "null" + ] + }, + "ref": { + "type": "string" + }, + "startline": { + "type": "integer" + } + }, + "required": [ + "basename", + "data", + "path", + "filename", + "ref", + "startline" + ], + "additionalProperties": false + } +} diff --git a/spec/frontend/content_editor/extensions/copy_paste_spec.js b/spec/frontend/content_editor/extensions/copy_paste_spec.js index e213e7be63d..f8faa7869c0 100644 --- a/spec/frontend/content_editor/extensions/copy_paste_spec.js +++ b/spec/frontend/content_editor/extensions/copy_paste_spec.js @@ -19,6 +19,8 @@ import { } from '../test_utils'; const CODE_BLOCK_HTML = '<pre class="js-syntax-highlight" lang="javascript">var a = 2;</pre>'; +const CODE_SUGGESTION_HTML = + '<pre data-lang-params="-0+0" class="js-syntax-highlight language-suggestion" lang="suggestion">Suggested code</pre>'; const DIAGRAM_HTML = '<img data-diagram="nomnoml" data-diagram-src="data:text/plain;base64,WzxmcmFtZT5EZWNvcmF0b3IgcGF0dGVybl0=">'; const FRONTMATTER_HTML = '<pre lang="yaml" data-lang-params="frontmatter">key: value</pre>'; @@ -122,11 +124,12 @@ describe('content_editor/extensions/copy_paste', () => { }); it.each` - nodeType | html | handled | desc - ${'codeBlock'} | ${CODE_BLOCK_HTML} | ${false} | ${'does not handle'} - ${'diagram'} | ${DIAGRAM_HTML} | ${false} | ${'does not handle'} - ${'frontmatter'} | ${FRONTMATTER_HTML} | ${false} | ${'does not handle'} - ${'paragraph'} | ${PARAGRAPH_HTML} | ${true} | ${'handles'} + nodeType | html | handled | desc + ${'codeBlock'} | ${CODE_BLOCK_HTML} | ${false} | ${'does not handle'} + ${'codeSuggestion'} | ${CODE_SUGGESTION_HTML} | ${false} | ${'does not handle'} + ${'diagram'} | ${DIAGRAM_HTML} | ${false} | ${'does not handle'} + ${'frontmatter'} | ${FRONTMATTER_HTML} | ${false} | ${'does not handle'} + ${'paragraph'} | ${PARAGRAPH_HTML} | ${true} | ${'handles'} `('$desc paste if currently a `$nodeType` is in focus', async ({ html, handled }) => { tiptapEditor.commands.insertContent(html); diff --git a/spec/frontend/tracking/internal_events_spec.js b/spec/frontend/tracking/internal_events_spec.js index 2179b2e489e..ad2ffa7cef4 100644 --- a/spec/frontend/tracking/internal_events_spec.js +++ b/spec/frontend/tracking/internal_events_spec.js @@ -3,11 +3,20 @@ import { mockTracking } from 'helpers/tracking_helper'; import { shallowMountExtended } from 'helpers/vue_test_utils_helper'; import InternalEvents from '~/tracking/internal_events'; import { GITLAB_INTERNAL_EVENT_CATEGORY, SERVICE_PING_SCHEMA } from '~/tracking/constants'; +import * as utils from '~/tracking/utils'; +import { Tracker } from '~/tracking/tracker'; jest.mock('~/api', () => ({ trackRedisHllUserEvent: jest.fn(), })); +jest.mock('~/tracking/utils', () => ({ + ...jest.requireActual('~/tracking/utils'), + getInternalEventHandlers: jest.fn(), +})); + +Tracker.enabled = jest.fn(); + describe('InternalEvents', () => { describe('track_event', () => { it('track_event calls trackRedisHllUserEvent with correct arguments', () => { @@ -60,4 +69,32 @@ describe('InternalEvents', () => { expect(trackEventSpy).toHaveBeenCalledWith(event); }); }); + + describe('bindInternalEventDocument', () => { + it('should not bind event handlers if tracker is not enabled', () => { + Tracker.enabled.mockReturnValue(false); + const result = InternalEvents.bindInternalEventDocument(); + expect(result).toEqual([]); + expect(utils.getInternalEventHandlers).not.toHaveBeenCalled(); + }); + + it('should not bind event handlers if already bound', () => { + Tracker.enabled.mockReturnValue(true); + document.internalEventsTrackingBound = true; + const result = InternalEvents.bindInternalEventDocument(); + expect(result).toEqual([]); + expect(utils.getInternalEventHandlers).not.toHaveBeenCalled(); + }); + + it('should bind event handlers when not bound yet', () => { + Tracker.enabled.mockReturnValue(true); + document.internalEventsTrackingBound = false; + const addEventListenerMock = jest.spyOn(document, 'addEventListener'); + + const result = InternalEvents.bindInternalEventDocument(); + + expect(addEventListenerMock).toHaveBeenCalledWith('click', expect.any(Function)); + expect(result).toEqual({ name: 'click', func: expect.any(Function) }); + }); + }); }); diff --git a/spec/frontend/tracking/utils_spec.js b/spec/frontend/tracking/utils_spec.js index d6f2c5095b4..7ba65cce15d 100644 --- a/spec/frontend/tracking/utils_spec.js +++ b/spec/frontend/tracking/utils_spec.js @@ -4,6 +4,8 @@ import { addExperimentContext, addReferrersCacheEntry, filterOldReferrersCacheEntries, + InternalEventHandler, + createInternalEventPayload, } from '~/tracking/utils'; import { TRACKING_CONTEXT_SCHEMA } from '~/experimentation/constants'; import { REFERRER_TTL, URLS_CACHE_STORAGE_KEY } from '~/tracking/constants'; @@ -95,5 +97,40 @@ describe('~/tracking/utils', () => { expect(cache[0].timestamp).toBeDefined(); }); }); + + describe('createInternalEventPayload', () => { + it('should return event name from element', () => { + const mockEl = { dataset: { eventTracking: 'click' } }; + const result = createInternalEventPayload(mockEl); + expect(result).toEqual('click'); + }); + }); + + describe('InternalEventHandler', () => { + it.each([ + ['should call the provided function with the correct event payload', 'click', true], + [ + 'should not call the provided function if the closest matching element is not found', + null, + false, + ], + ])('%s', (_, payload, shouldCallFunc) => { + const mockFunc = jest.fn(); + const mockEl = payload ? { dataset: { eventTracking: payload } } : null; + const mockEvent = { + target: { + closest: jest.fn().mockReturnValue(mockEl), + }, + }; + + InternalEventHandler(mockEvent, mockFunc); + + if (shouldCallFunc) { + expect(mockFunc).toHaveBeenCalledWith(payload); + } else { + expect(mockFunc).not.toHaveBeenCalled(); + } + }); + }); }); }); diff --git a/spec/lib/sidebars/groups/super_sidebar_menus/analyze_menu_spec.rb b/spec/lib/sidebars/groups/super_sidebar_menus/analyze_menu_spec.rb index 3d3d304a5a0..6114dee61bd 100644 --- a/spec/lib/sidebars/groups/super_sidebar_menus/analyze_menu_spec.rb +++ b/spec/lib/sidebars/groups/super_sidebar_menus/analyze_menu_spec.rb @@ -15,6 +15,7 @@ RSpec.describe Sidebars::Groups::SuperSidebarMenus::AnalyzeMenu, feature_categor it 'defines list of NilMenuItem placeholders' do expect(items.map(&:class).uniq).to eq([Sidebars::NilMenuItem]) expect(items.map(&:item_id)).to eq([ + :dashboards_analytics, :cycle_analytics, :ci_cd_analytics, :contribution_analytics, diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index 42fe301ea9e..602b7148d0e 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -3217,6 +3217,31 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do end end + describe ':write_model_experiments' do + using RSpec::Parameterized::TableSyntax + + where(:ff_ml_experiment_tracking, :current_user, :access_level, :allowed) do + false | ref(:owner) | Featurable::ENABLED | false + true | ref(:reporter) | Featurable::ENABLED | true + true | ref(:reporter) | Featurable::PRIVATE | true + true | ref(:reporter) | Featurable::DISABLED | false + true | ref(:guest) | Featurable::ENABLED | false + true | ref(:non_member) | Featurable::ENABLED | false + end + with_them do + before do + stub_feature_flags(ml_experiment_tracking: ff_ml_experiment_tracking) + project.project_feature.update!(model_experiments_access_level: access_level) + end + + if params[:allowed] + it { is_expected.to be_allowed(:write_model_experiments) } + else + it { is_expected.not_to be_allowed(:write_model_experiments) } + end + end + end + describe 'when project is created and owned by a banned user' do let_it_be(:project) { create(:project, :public) } diff --git a/spec/requests/api/graphql/mutations/ci/pipeline_schedule_create_spec.rb b/spec/requests/api/graphql/mutations/ci/pipeline_schedule/create_spec.rb index a89fc6eb6f1..0d5e5f5d2fb 100644 --- a/spec/requests/api/graphql/mutations/ci/pipeline_schedule_create_spec.rb +++ b/spec/requests/api/graphql/mutations/ci/pipeline_schedule/create_spec.rb @@ -70,7 +70,7 @@ RSpec.describe 'PipelineSchedulecreate', feature_category: :continuous_integrati # Move this from `shared_context` to `context` when `ci_refactoring_pipeline_schedule_create_service` is removed. shared_context 'when authorized' do # rubocop:disable RSpec/ContextWording - before do + before_all do project.add_developer(user) end diff --git a/spec/requests/api/graphql/mutations/ci/pipeline_schedule_delete_spec.rb b/spec/requests/api/graphql/mutations/ci/pipeline_schedule/delete_spec.rb index b846ff0aec8..e79395bb52c 100644 --- a/spec/requests/api/graphql/mutations/ci/pipeline_schedule_delete_spec.rb +++ b/spec/requests/api/graphql/mutations/ci/pipeline_schedule/delete_spec.rb @@ -30,13 +30,13 @@ RSpec.describe 'PipelineScheduleDelete', feature_category: :continuous_integrati expect(graphql_errors[0]['message']) .to eq( "The resource that you are attempting to access does not exist " \ - "or you don't have permission to perform this action" + "or you don't have permission to perform this action" ) end end context 'when authorized' do - before do + before_all do project.add_maintainer(user) end diff --git a/spec/requests/api/graphql/mutations/ci/pipeline_schedule_play_spec.rb b/spec/requests/api/graphql/mutations/ci/pipeline_schedule/play_spec.rb index 492c6946c99..55ecf8f287e 100644 --- a/spec/requests/api/graphql/mutations/ci/pipeline_schedule_play_spec.rb +++ b/spec/requests/api/graphql/mutations/ci/pipeline_schedule/play_spec.rb @@ -37,13 +37,13 @@ RSpec.describe 'PipelineSchedulePlay', feature_category: :continuous_integration expect(graphql_errors[0]['message']) .to eq( "The resource that you are attempting to access does not exist " \ - "or you don't have permission to perform this action" + "or you don't have permission to perform this action" ) end end context 'when authorized', :sidekiq_inline do - before do + before_all do project.add_maintainer(user) pipeline_schedule.update_columns(next_run_at: 2.hours.ago) end diff --git a/spec/requests/api/graphql/mutations/ci/pipeline_schedule_take_ownership_spec.rb b/spec/requests/api/graphql/mutations/ci/pipeline_schedule/take_ownership_spec.rb index 2d1f1565a73..2d1f1565a73 100644 --- a/spec/requests/api/graphql/mutations/ci/pipeline_schedule_take_ownership_spec.rb +++ b/spec/requests/api/graphql/mutations/ci/pipeline_schedule/take_ownership_spec.rb diff --git a/spec/requests/api/graphql/mutations/ci/pipeline_schedule_update_spec.rb b/spec/requests/api/graphql/mutations/ci/pipeline_schedule/update_spec.rb index 3c3dcfc0a2d..ec1595f393f 100644 --- a/spec/requests/api/graphql/mutations/ci/pipeline_schedule_update_spec.rb +++ b/spec/requests/api/graphql/mutations/ci/pipeline_schedule/update_spec.rb @@ -64,7 +64,7 @@ RSpec.describe 'PipelineScheduleUpdate', feature_category: :continuous_integrati end context 'when authorized' do - before do + before_all do project.add_developer(user) end diff --git a/spec/requests/api/protected_branches_spec.rb b/spec/requests/api/protected_branches_spec.rb index ad3a69fec9d..b79cff5a905 100644 --- a/spec/requests/api/protected_branches_spec.rb +++ b/spec/requests/api/protected_branches_spec.rb @@ -125,6 +125,17 @@ RSpec.describe API::ProtectedBranches, feature_category: :source_code_management ) end end + + context 'when a deploy key is not present' do + it 'returns null deploy key field' do + create(:protected_branch_push_access_level, protected_branch: protected_branch) + get api(route, user) + + expect(json_response['push_access_levels']).to include( + a_hash_including('deploy_key_id' => nil) + ) + end + end end context 'when authenticated as a developer' do diff --git a/spec/requests/api/protected_tags_spec.rb b/spec/requests/api/protected_tags_spec.rb index 4e7227b2294..8a98c751877 100644 --- a/spec/requests/api/protected_tags_spec.rb +++ b/spec/requests/api/protected_tags_spec.rb @@ -99,6 +99,17 @@ RSpec.describe API::ProtectedTags, feature_category: :source_code_management do ) end end + + context 'when a deploy key is not present' do + it 'returns null deploy key field' do + create(:protected_tag_create_access_level, protected_tag: protected_tag) + get api(route, user) + + expect(json_response['create_access_levels']).to include( + a_hash_including('deploy_key_id' => nil) + ) + end + end end context 'when authenticated as a guest' do diff --git a/spec/requests/api/search_spec.rb b/spec/requests/api/search_spec.rb index 0f0ce6ae61e..0feff90d088 100644 --- a/spec/requests/api/search_spec.rb +++ b/spec/requests/api/search_spec.rb @@ -871,7 +871,7 @@ RSpec.describe API::Search, :clean_gitlab_redis_rate_limiting, feature_category: get api(endpoint, user), params: { scope: 'wiki_blobs', search: 'awesome' } end - it_behaves_like 'response is correct', schema: 'public_api/v4/blobs' + it_behaves_like 'response is correct', schema: 'public_api/v4/wiki_blobs' it_behaves_like 'ping counters', scope: :wiki_blobs diff --git a/spec/requests/projects/ml/candidates_controller_spec.rb b/spec/requests/projects/ml/candidates_controller_spec.rb index eec7af99063..4c7491970e1 100644 --- a/spec/requests/projects/ml/candidates_controller_spec.rb +++ b/spec/requests/projects/ml/candidates_controller_spec.rb @@ -10,13 +10,17 @@ RSpec.describe Projects::Ml::CandidatesController, feature_category: :mlops do let(:ff_value) { true } let(:candidate_iid) { candidate.iid } - let(:model_experiments_enabled) { true } + let(:read_model_experiments) { true } + let(:write_model_experiments) { true } before do allow(Ability).to receive(:allowed?).and_call_original allow(Ability).to receive(:allowed?) .with(user, :read_model_experiments, project) - .and_return(model_experiments_enabled) + .and_return(read_model_experiments) + allow(Ability).to receive(:allowed?) + .with(user, :write_model_experiments, project) + .and_return(write_model_experiments) sign_in(user) end @@ -34,9 +38,9 @@ RSpec.describe Projects::Ml::CandidatesController, feature_category: :mlops do end end - shared_examples '404 when model experiments is unavailable' do + shared_examples 'requires read_model_experiments' do context 'when user does not have access' do - let(:model_experiments_enabled) { false } + let(:read_model_experiments) { false } it_behaves_like 'renders 404' end @@ -61,7 +65,7 @@ RSpec.describe Projects::Ml::CandidatesController, feature_category: :mlops do end it_behaves_like '404 if candidate does not exist' - it_behaves_like '404 when model experiments is unavailable' + it_behaves_like 'requires read_model_experiments' end describe 'DELETE #destroy' do @@ -83,7 +87,14 @@ RSpec.describe Projects::Ml::CandidatesController, feature_category: :mlops do end it_behaves_like '404 if candidate does not exist' - it_behaves_like '404 when model experiments is unavailable' + + describe 'requires write_model_experiments' do + let(:write_model_experiments) { false } + + it 'is 404' do + expect(response).to have_gitlab_http_status(:not_found) + end + end end private diff --git a/spec/requests/projects/ml/experiments_controller_spec.rb b/spec/requests/projects/ml/experiments_controller_spec.rb index e2d26e84f75..9440c716640 100644 --- a/spec/requests/projects/ml/experiments_controller_spec.rb +++ b/spec/requests/projects/ml/experiments_controller_spec.rb @@ -15,13 +15,17 @@ RSpec.describe Projects::Ml::ExperimentsController, feature_category: :mlops do let(:ff_value) { true } let(:basic_params) { { namespace_id: project.namespace.to_param, project_id: project } } let(:experiment_iid) { experiment.iid } - let(:model_experiments_enabled) { true } + let(:read_model_experiments) { true } + let(:write_model_experiments) { true } before do allow(Ability).to receive(:allowed?).and_call_original allow(Ability).to receive(:allowed?) .with(user, :read_model_experiments, project) - .and_return(model_experiments_enabled) + .and_return(read_model_experiments) + allow(Ability).to receive(:allowed?) + .with(user, :write_model_experiments, project) + .and_return(write_model_experiments) sign_in(user) end @@ -40,9 +44,9 @@ RSpec.describe Projects::Ml::ExperimentsController, feature_category: :mlops do end end - shared_examples '404 when model experiments is unavailable' do + shared_examples 'requires read_model_experiments' do context 'when user does not have access' do - let(:model_experiments_enabled) { false } + let(:read_model_experiments) { false } it_behaves_like 'renders 404' end @@ -100,7 +104,7 @@ RSpec.describe Projects::Ml::ExperimentsController, feature_category: :mlops do end end - it_behaves_like '404 when model experiments is unavailable' do + it_behaves_like 'requires read_model_experiments' do before do list_experiments end @@ -211,7 +215,7 @@ RSpec.describe Projects::Ml::ExperimentsController, feature_category: :mlops do end it_behaves_like '404 if experiment does not exist' - it_behaves_like '404 when model experiments is unavailable' + it_behaves_like 'requires read_model_experiments' end end @@ -243,7 +247,7 @@ RSpec.describe Projects::Ml::ExperimentsController, feature_category: :mlops do end it_behaves_like '404 if experiment does not exist' - it_behaves_like '404 when model experiments is unavailable' + it_behaves_like 'requires read_model_experiments' end end end @@ -268,7 +272,14 @@ RSpec.describe Projects::Ml::ExperimentsController, feature_category: :mlops do end it_behaves_like '404 if experiment does not exist' - it_behaves_like '404 when model experiments is unavailable' + + describe 'requires write_model_experiments' do + let(:write_model_experiments) { false } + + it 'is 404' do + expect(response).to have_gitlab_http_status(:not_found) + end + end end private |
