diff options
38 files changed, 447 insertions, 79 deletions
diff --git a/app/assets/javascripts/graphql_shared/fragments/alert.fragment.graphql b/app/assets/javascripts/graphql_shared/fragments/alert.fragment.graphql index 41e7ed98c78..2c771c32e16 100644 --- a/app/assets/javascripts/graphql_shared/fragments/alert.fragment.graphql +++ b/app/assets/javascripts/graphql_shared/fragments/alert.fragment.graphql @@ -11,12 +11,4 @@ fragment AlertListItem on AlertManagementAlert { title webUrl } - assignees { - nodes { - name - username - avatarUrl - webUrl - } - } } diff --git a/app/assets/javascripts/vue_shared/alert_details/graphql/fragments/alert_detail_item.fragment.graphql b/app/assets/javascripts/graphql_shared/fragments/alert_detail_item.fragment.graphql index 9a9ae369519..9a9ae369519 100644 --- a/app/assets/javascripts/vue_shared/alert_details/graphql/fragments/alert_detail_item.fragment.graphql +++ b/app/assets/javascripts/graphql_shared/fragments/alert_detail_item.fragment.graphql diff --git a/app/assets/javascripts/vue_shared/alert_details/graphql/queries/alert_details.query.graphql b/app/assets/javascripts/graphql_shared/queries/alert_details.query.graphql index 5ee2cf7ca44..5ee2cf7ca44 100644 --- a/app/assets/javascripts/vue_shared/alert_details/graphql/queries/alert_details.query.graphql +++ b/app/assets/javascripts/graphql_shared/queries/alert_details.query.graphql diff --git a/app/assets/javascripts/graphql_shared/queries/get_alerts.query.graphql b/app/assets/javascripts/graphql_shared/queries/get_alerts.query.graphql index 7a676e67f1b..095e4fe29df 100644 --- a/app/assets/javascripts/graphql_shared/queries/get_alerts.query.graphql +++ b/app/assets/javascripts/graphql_shared/queries/get_alerts.query.graphql @@ -1,4 +1,5 @@ #import "~/graphql_shared/fragments/alert.fragment.graphql" +#import "~/graphql_shared/fragments/user.fragment.graphql" query getAlerts( $projectPath: ID! @@ -26,6 +27,11 @@ query getAlerts( ) { nodes { ...AlertListItem + assignees { + nodes { + ...User + } + } } pageInfo { hasNextPage diff --git a/app/assets/javascripts/issue_show/constants.js b/app/assets/javascripts/issue_show/constants.js index e11fc46606b..d93f38c2ee1 100644 --- a/app/assets/javascripts/issue_show/constants.js +++ b/app/assets/javascripts/issue_show/constants.js @@ -16,6 +16,7 @@ export const IssuableType = { Issue: 'issue', Epic: 'epic', MergeRequest: 'merge_request', + Alert: 'alert', }; export const IssueStateEvent = { diff --git a/app/assets/javascripts/sidebar/components/assignees/sidebar_assignees_widget.vue b/app/assets/javascripts/sidebar/components/assignees/sidebar_assignees_widget.vue index 932be7addc0..886df94a7c4 100644 --- a/app/assets/javascripts/sidebar/components/assignees/sidebar_assignees_widget.vue +++ b/app/assets/javascripts/sidebar/components/assignees/sidebar_assignees_widget.vue @@ -61,7 +61,7 @@ export default { required: false, default: IssuableType.Issue, validator(value) { - return [IssuableType.Issue, IssuableType.MergeRequest].includes(value); + return [IssuableType.Issue, IssuableType.MergeRequest, IssuableType.Alert].includes(value); }, }, issuableId: { diff --git a/app/assets/javascripts/sidebar/constants.js b/app/assets/javascripts/sidebar/constants.js index a4e6d8854d1..95b0de38a8e 100644 --- a/app/assets/javascripts/sidebar/constants.js +++ b/app/assets/javascripts/sidebar/constants.js @@ -19,6 +19,8 @@ import updateIssueConfidentialMutation from '~/sidebar/queries/update_issue_conf import updateIssueDueDateMutation from '~/sidebar/queries/update_issue_due_date.mutation.graphql'; import updateIssueSubscriptionMutation from '~/sidebar/queries/update_issue_subscription.mutation.graphql'; import updateMergeRequestSubscriptionMutation from '~/sidebar/queries/update_merge_request_subscription.mutation.graphql'; +import updateAlertAssigneesMutation from '~/vue_shared/alert_details/graphql/mutations/alert_set_assignees.mutation.graphql'; +import getAlertAssignees from '~/vue_shared/components/sidebar/queries/get_alert_assignees.query.graphql'; import getIssueAssignees from '~/vue_shared/components/sidebar/queries/get_issue_assignees.query.graphql'; import issueParticipantsQuery from '~/vue_shared/components/sidebar/queries/get_issue_participants.query.graphql'; import getIssueTimelogsQuery from '~/vue_shared/components/sidebar/queries/get_issue_timelogs.query.graphql'; @@ -40,6 +42,10 @@ export const assigneesQueries = { query: getMergeRequestAssignees, mutation: updateMergeRequestAssigneesMutation, }, + [IssuableType.Alert]: { + query: getAlertAssignees, + mutation: updateAlertAssigneesMutation, + }, }; export const participantsQueries = { @@ -52,6 +58,10 @@ export const participantsQueries = { [IssuableType.Epic]: { query: epicParticipantsQuery, }, + [IssuableType.Alert]: { + query: '', + skipQuery: true, + }, }; export const confidentialityQueries = { diff --git a/app/assets/javascripts/vue_shared/alert_details/components/alert_details.vue b/app/assets/javascripts/vue_shared/alert_details/components/alert_details.vue index 3905ce2596c..d595c49f9aa 100644 --- a/app/assets/javascripts/vue_shared/alert_details/components/alert_details.vue +++ b/app/assets/javascripts/vue_shared/alert_details/components/alert_details.vue @@ -24,7 +24,7 @@ import TimeAgoTooltip from '~/vue_shared/components/time_ago_tooltip.vue'; import { PAGE_CONFIG, SEVERITY_LEVELS } from '../constants'; import createIssueMutation from '../graphql/mutations/alert_issue_create.mutation.graphql'; import toggleSidebarStatusMutation from '../graphql/mutations/alert_sidebar_status.mutation.graphql'; -import alertQuery from '../graphql/queries/alert_details.query.graphql'; +import alertQuery from '../graphql/queries/alert_sidebar_details.query.graphql'; import sidebarStatusQuery from '../graphql/queries/alert_sidebar_status.query.graphql'; import AlertMetrics from './alert_metrics.vue'; import AlertSidebar from './alert_sidebar.vue'; diff --git a/app/assets/javascripts/vue_shared/alert_details/components/sidebar/sidebar_assignees.vue b/app/assets/javascripts/vue_shared/alert_details/components/sidebar/sidebar_assignees.vue index ef31106b709..b7544a4a5d0 100644 --- a/app/assets/javascripts/vue_shared/alert_details/components/sidebar/sidebar_assignees.vue +++ b/app/assets/javascripts/vue_shared/alert_details/components/sidebar/sidebar_assignees.vue @@ -167,10 +167,10 @@ export default { variables: { iid: this.alert.iid, assigneeUsernames: [this.isActive(assignees) ? '' : assignees], - projectPath: this.projectPath, + fullPath: this.projectPath, }, }) - .then(({ data: { alertSetAssignees: { errors } = [] } = {} } = {}) => { + .then(({ data: { issuableSetAssignees: { errors } = [] } = {} } = {}) => { this.hideDropdown(); if (errors[0]) { diff --git a/app/assets/javascripts/vue_shared/alert_details/components/sidebar/sidebar_todo.vue b/app/assets/javascripts/vue_shared/alert_details/components/sidebar/sidebar_todo.vue index a2a4046ab81..322ea64eb7e 100644 --- a/app/assets/javascripts/vue_shared/alert_details/components/sidebar/sidebar_todo.vue +++ b/app/assets/javascripts/vue_shared/alert_details/components/sidebar/sidebar_todo.vue @@ -4,7 +4,7 @@ import todoMarkDoneMutation from '~/graphql_shared/mutations/todo_mark_done.muta import { s__ } from '~/locale'; import Todo from '~/sidebar/components/todo_toggle/todo.vue'; import createAlertTodoMutation from '../../graphql/mutations/alert_todo_create.mutation.graphql'; -import alertQuery from '../../graphql/queries/alert_details.query.graphql'; +import alertQuery from '../../graphql/queries/alert_sidebar_details.query.graphql'; export default { i18n: { diff --git a/app/assets/javascripts/vue_shared/alert_details/graphql/mutations/alert_set_assignees.mutation.graphql b/app/assets/javascripts/vue_shared/alert_details/graphql/mutations/alert_set_assignees.mutation.graphql index 63d952a4857..33091f1ba5e 100644 --- a/app/assets/javascripts/vue_shared/alert_details/graphql/mutations/alert_set_assignees.mutation.graphql +++ b/app/assets/javascripts/vue_shared/alert_details/graphql/mutations/alert_set_assignees.mutation.graphql @@ -1,18 +1,18 @@ #import "~/graphql_shared/fragments/alert_note.fragment.graphql" +#import "~/graphql_shared/fragments/user.fragment.graphql" +#import "~/graphql_shared/fragments/user_availability.fragment.graphql" -mutation alertSetAssignees($projectPath: ID!, $assigneeUsernames: [String!]!, $iid: String!) { - alertSetAssignees( - input: { iid: $iid, assigneeUsernames: $assigneeUsernames, projectPath: $projectPath } +mutation alertSetAssignees($fullPath: ID!, $assigneeUsernames: [String!]!, $iid: String!) { + issuableSetAssignees: alertSetAssignees( + input: { iid: $iid, assigneeUsernames: $assigneeUsernames, projectPath: $fullPath } ) { errors - alert { + issuable: alert { iid assignees { nodes { - username - name - avatarUrl - webUrl + ...User + ...UserAvailability } } notes { diff --git a/app/assets/javascripts/vue_shared/alert_details/graphql/mutations/alert_todo_create.mutation.graphql b/app/assets/javascripts/vue_shared/alert_details/graphql/mutations/alert_todo_create.mutation.graphql index dc961b5eb90..c860bf0915c 100644 --- a/app/assets/javascripts/vue_shared/alert_details/graphql/mutations/alert_todo_create.mutation.graphql +++ b/app/assets/javascripts/vue_shared/alert_details/graphql/mutations/alert_todo_create.mutation.graphql @@ -1,10 +1,16 @@ -#import "../fragments/alert_detail_item.fragment.graphql" +#import "~/graphql_shared/fragments/alert_detail_item.fragment.graphql" +#import "~/graphql_shared/fragments/user.fragment.graphql" mutation alertTodoCreate($projectPath: ID!, $iid: String!) { alertTodoCreate(input: { iid: $iid, projectPath: $projectPath }) { errors alert { ...AlertDetailItem + assignees { + nodes { + ...User + } + } } } } diff --git a/app/assets/javascripts/vue_shared/alert_details/graphql/queries/alert_sidebar_details.query.graphql b/app/assets/javascripts/vue_shared/alert_details/graphql/queries/alert_sidebar_details.query.graphql new file mode 100644 index 00000000000..da5f1a00e11 --- /dev/null +++ b/app/assets/javascripts/vue_shared/alert_details/graphql/queries/alert_sidebar_details.query.graphql @@ -0,0 +1,17 @@ +#import "~/graphql_shared/fragments/alert_detail_item.fragment.graphql" +#import "~/graphql_shared/fragments/user.fragment.graphql" + +query alertDetails($fullPath: ID!, $alertId: String) { + project(fullPath: $fullPath) { + alertManagementAlerts(iid: $alertId) { + nodes { + ...AlertDetailItem + assignees { + nodes { + ...User + } + } + } + } + } +} diff --git a/app/assets/javascripts/vue_shared/components/sidebar/queries/get_alert_assignees.query.graphql b/app/assets/javascripts/vue_shared/components/sidebar/queries/get_alert_assignees.query.graphql new file mode 100644 index 00000000000..d99fc125012 --- /dev/null +++ b/app/assets/javascripts/vue_shared/components/sidebar/queries/get_alert_assignees.query.graphql @@ -0,0 +1,20 @@ +#import "~/graphql_shared/fragments/user.fragment.graphql" +#import "~/graphql_shared/fragments/user_availability.fragment.graphql" + +query alertAssignees( + $domain: AlertManagementDomainFilter = threat_monitoring + $fullPath: ID! + $iid: String! +) { + workspace: project(fullPath: $fullPath) { + issuable: alertManagementAlert(domain: $domain, iid: $iid) { + iid + assignees { + nodes { + ...User + ...UserAvailability + } + } + } + } +} diff --git a/app/assets/javascripts/vue_shared/components/user_select/user_select.vue b/app/assets/javascripts/vue_shared/components/user_select/user_select.vue index 3116d2fbf32..460f91ce67f 100644 --- a/app/assets/javascripts/vue_shared/components/user_select/user_select.vue +++ b/app/assets/javascripts/vue_shared/components/user_select/user_select.vue @@ -74,6 +74,9 @@ export default { query() { return participantsQueries[this.issuableType].query; }, + skip() { + return Boolean(participantsQueries[this.issuableType].skipQuery); + }, variables() { return { iid: this.iid, diff --git a/app/models/ci/runner.rb b/app/models/ci/runner.rb index c6a0736db58..6d398471dcd 100644 --- a/app/models/ci/runner.rb +++ b/app/models/ci/runner.rb @@ -363,11 +363,7 @@ module Ci end def pick_build!(build) - if Feature.enabled?(:ci_reduce_queries_when_ticking_runner_queue, self, default_enabled: :yaml) - tick_runner_queue if matches_build?(build) - else - tick_runner_queue if can_pick?(build) - end + tick_runner_queue if matches_build?(build) end def uncached_contacted_at diff --git a/config/feature_flags/development/ci_reduce_queries_when_ticking_runner_queue.yml b/config/feature_flags/development/ci_reduce_queries_when_ticking_runner_queue.yml deleted file mode 100644 index 56f5afa9ed0..00000000000 --- a/config/feature_flags/development/ci_reduce_queries_when_ticking_runner_queue.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: ci_reduce_queries_when_ticking_runner_queue -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/55496 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/323328 -milestone: '13.10' -type: development -group: group::continuous integration -default_enabled: true diff --git a/config/initializers/0_acts_as_taggable.rb b/config/initializers/0_acts_as_taggable.rb index 9a92b8f2d18..9f66d970ffd 100644 --- a/config/initializers/0_acts_as_taggable.rb +++ b/config/initializers/0_acts_as_taggable.rb @@ -9,3 +9,7 @@ ActsAsTaggableOn.tags_counter = false # validate that counter cache is disabled raise "Counter cache is not disabled" if ActsAsTaggableOn::Tagging.reflections["tag"].options[:counter_cache] + +ActsAsTaggableOn::Tagging.include IgnorableColumns +ActsAsTaggableOn::Tagging.ignore_column :id_convert_to_bigint, remove_with: '14.2', remove_after: '2021-08-22' +ActsAsTaggableOn::Tagging.ignore_column :taggable_id_convert_to_bigint, remove_with: '14.2', remove_after: '2021-08-22' diff --git a/config/initializers/gitlab_experiment.rb b/config/initializers/gitlab_experiment.rb index a312755f300..055979bb66b 100644 --- a/config/initializers/gitlab_experiment.rb +++ b/config/initializers/gitlab_experiment.rb @@ -5,4 +5,13 @@ Gitlab::Experiment.configure do |config| config.cache = Gitlab::Experiment::Cache::RedisHashStore.new( pool: ->(&block) { Gitlab::Redis::SharedState.with { |redis| block.call(redis) } } ) + + # TODO: This will be deprecated as of v0.6.0, but needs to stay intact for + # actively running experiments until a versioning concept is put in place to + # enable migrating into the new SHA2 strategy. + config.context_hash_strategy = lambda do |source, seed| + source = source.keys + source.values if source.is_a?(Hash) + data = Array(source).map { |v| (v.respond_to?(:to_global_id) ? v.to_global_id : v).to_s } + Digest::MD5.hexdigest(data.unshift(seed).join('|')) + end end diff --git a/db/migrate/20210506150833_create_vulnerability_finding_evidence_headers.rb b/db/migrate/20210506150833_create_vulnerability_finding_evidence_headers.rb new file mode 100644 index 00000000000..0e584303e51 --- /dev/null +++ b/db/migrate/20210506150833_create_vulnerability_finding_evidence_headers.rb @@ -0,0 +1,29 @@ +# frozen_string_literal: true + +class CreateVulnerabilityFindingEvidenceHeaders < ActiveRecord::Migration[6.0] + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + + disable_ddl_transaction! + + def up + create_table_with_constraints :vulnerability_finding_evidence_headers do |t| + t.timestamps_with_timezone null: false + + t.references :vulnerability_finding_evidence_request, index: { name: 'finding_evidence_header_on_finding_evidence_request_id' }, null: true, foreign_key: { on_delete: :cascade } + t.references :vulnerability_finding_evidence_response, index: { name: 'finding_evidence_header_on_finding_evidence_response_id' }, null: true, foreign_key: { on_delete: :cascade } + t.text :name, null: false + t.text :value, null: false + + t.text_limit :name, 255 + t.text_limit :value, 8192 + end + end + + def down + with_lock_retries do + drop_table :vulnerability_finding_evidence_headers + end + end +end diff --git a/db/migrate/20210520133032_initialize_conversion_of_taggings_to_bigint.rb b/db/migrate/20210520133032_initialize_conversion_of_taggings_to_bigint.rb new file mode 100644 index 00000000000..e154c25b082 --- /dev/null +++ b/db/migrate/20210520133032_initialize_conversion_of_taggings_to_bigint.rb @@ -0,0 +1,16 @@ +# frozen_string_literal: true + +class InitializeConversionOfTaggingsToBigint < ActiveRecord::Migration[6.0] + include Gitlab::Database::MigrationHelpers + + TABLE = :taggings + COLUMNS = %i(id taggable_id) + + def up + initialize_conversion_of_integer_to_bigint(TABLE, COLUMNS) + end + + def down + revert_initialize_conversion_of_integer_to_bigint(TABLE, COLUMNS) + end +end diff --git a/db/migrate/20210520133440_backfill_taggings_for_bigint_conversion.rb b/db/migrate/20210520133440_backfill_taggings_for_bigint_conversion.rb new file mode 100644 index 00000000000..63ac308e4be --- /dev/null +++ b/db/migrate/20210520133440_backfill_taggings_for_bigint_conversion.rb @@ -0,0 +1,16 @@ +# frozen_string_literal: true + +class BackfillTaggingsForBigintConversion < ActiveRecord::Migration[6.0] + include Gitlab::Database::MigrationHelpers + + TABLE = :taggings + COLUMNS = %i(id taggable_id) + + def up + backfill_conversion_of_integer_to_bigint TABLE, COLUMNS, batch_size: 15000, sub_batch_size: 100 + end + + def down + revert_backfill_conversion_of_integer_to_bigint TABLE, COLUMNS + end +end diff --git a/db/post_migrate/20210426225417_schedule_recalculate_uuid_on_vulnerabilities_occurrences2.rb b/db/post_migrate/20210426225417_schedule_recalculate_uuid_on_vulnerabilities_occurrences2.rb new file mode 100644 index 00000000000..96eea2d5d77 --- /dev/null +++ b/db/post_migrate/20210426225417_schedule_recalculate_uuid_on_vulnerabilities_occurrences2.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: true + +class ScheduleRecalculateUuidOnVulnerabilitiesOccurrences2 < ActiveRecord::Migration[6.0] + include Gitlab::Database::MigrationHelpers + + MIGRATION = 'RecalculateVulnerabilitiesOccurrencesUuid' + DELAY_INTERVAL = 2.minutes.to_i + BATCH_SIZE = 2_500 + + disable_ddl_transaction! + + class VulnerabilitiesFinding < ActiveRecord::Base + include ::EachBatch + self.inheritance_column = :_type_disabled + + self.table_name = "vulnerability_occurrences" + end + + def up + # Make sure that RemoveDuplicateVulnerabilitiesFindings has finished running + # so that we don't run into duplicate UUID issues + Gitlab::BackgroundMigration.steal('RemoveDuplicateVulnerabilitiesFindings') + + say "Scheduling #{MIGRATION} jobs" + queue_background_migration_jobs_by_range_at_intervals( + VulnerabilitiesFinding, + MIGRATION, + DELAY_INTERVAL, + batch_size: BATCH_SIZE, + track_jobs: true + ) + end + + def down + # no-op + end +end diff --git a/db/schema_migrations/20210426225417 b/db/schema_migrations/20210426225417 new file mode 100644 index 00000000000..2ba6e666520 --- /dev/null +++ b/db/schema_migrations/20210426225417 @@ -0,0 +1 @@ +50d370d2465fa4c0d3c2bd963d5745474ca35a43609d0e754f3fe69eb7a7179f
\ No newline at end of file diff --git a/db/schema_migrations/20210506150833 b/db/schema_migrations/20210506150833 new file mode 100644 index 00000000000..e63559fee8a --- /dev/null +++ b/db/schema_migrations/20210506150833 @@ -0,0 +1 @@ +18fdca797ea7f3a60ce5b421bec7af1ea0b0b73fbf6e1c23592acbc9d13a0a52
\ No newline at end of file diff --git a/db/schema_migrations/20210520133032 b/db/schema_migrations/20210520133032 new file mode 100644 index 00000000000..169203e33cd --- /dev/null +++ b/db/schema_migrations/20210520133032 @@ -0,0 +1 @@ +eddbcd18c17f9017a2cdfb6fc0144dcfcb539d3617271722b2918bdbe48c481a
\ No newline at end of file diff --git a/db/schema_migrations/20210520133440 b/db/schema_migrations/20210520133440 new file mode 100644 index 00000000000..d5644ab8927 --- /dev/null +++ b/db/schema_migrations/20210520133440 @@ -0,0 +1 @@ +3ee15db28406522a5fb591395dd3d4a46b10e958339dc60ded3751e23096864d
\ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 7e2a540c6f1..6dfa80f16fd 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -170,6 +170,16 @@ BEGIN END; $$; +CREATE FUNCTION trigger_aebe8b822ad3() RETURNS trigger + LANGUAGE plpgsql + AS $$ +BEGIN + NEW."id_convert_to_bigint" := NEW."id"; + NEW."taggable_id_convert_to_bigint" := NEW."taggable_id"; + RETURN NEW; +END; +$$; + CREATE FUNCTION trigger_be1804f21693() RETURNS trigger LANGUAGE plpgsql AS $$ @@ -18218,7 +18228,9 @@ CREATE TABLE taggings ( tagger_id integer, tagger_type character varying, context character varying, - created_at timestamp without time zone + created_at timestamp without time zone, + id_convert_to_bigint bigint DEFAULT 0 NOT NULL, + taggable_id_convert_to_bigint bigint ); CREATE SEQUENCE taggings_id_seq @@ -18924,6 +18936,27 @@ CREATE SEQUENCE vulnerability_feedback_id_seq ALTER SEQUENCE vulnerability_feedback_id_seq OWNED BY vulnerability_feedback.id; +CREATE TABLE vulnerability_finding_evidence_headers ( + id bigint NOT NULL, + created_at timestamp with time zone NOT NULL, + updated_at timestamp with time zone NOT NULL, + vulnerability_finding_evidence_request_id bigint, + vulnerability_finding_evidence_response_id bigint, + name text NOT NULL, + value text NOT NULL, + CONSTRAINT check_01d21e8d92 CHECK ((char_length(name) <= 255)), + CONSTRAINT check_3f9011f903 CHECK ((char_length(value) <= 8192)) +); + +CREATE SEQUENCE vulnerability_finding_evidence_headers_id_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + +ALTER SEQUENCE vulnerability_finding_evidence_headers_id_seq OWNED BY vulnerability_finding_evidence_headers.id; + CREATE TABLE vulnerability_finding_evidence_requests ( id bigint NOT NULL, created_at timestamp with time zone NOT NULL, @@ -20299,6 +20332,8 @@ ALTER TABLE ONLY vulnerability_external_issue_links ALTER COLUMN id SET DEFAULT ALTER TABLE ONLY vulnerability_feedback ALTER COLUMN id SET DEFAULT nextval('vulnerability_feedback_id_seq'::regclass); +ALTER TABLE ONLY vulnerability_finding_evidence_headers ALTER COLUMN id SET DEFAULT nextval('vulnerability_finding_evidence_headers_id_seq'::regclass); + ALTER TABLE ONLY vulnerability_finding_evidence_requests ALTER COLUMN id SET DEFAULT nextval('vulnerability_finding_evidence_requests_id_seq'::regclass); ALTER TABLE ONLY vulnerability_finding_evidence_responses ALTER COLUMN id SET DEFAULT nextval('vulnerability_finding_evidence_responses_id_seq'::regclass); @@ -21981,6 +22016,9 @@ ALTER TABLE ONLY vulnerability_external_issue_links ALTER TABLE ONLY vulnerability_feedback ADD CONSTRAINT vulnerability_feedback_pkey PRIMARY KEY (id); +ALTER TABLE ONLY vulnerability_finding_evidence_headers + ADD CONSTRAINT vulnerability_finding_evidence_headers_pkey PRIMARY KEY (id); + ALTER TABLE ONLY vulnerability_finding_evidence_requests ADD CONSTRAINT vulnerability_finding_evidence_requests_pkey PRIMARY KEY (id); @@ -22221,6 +22259,10 @@ CREATE UNIQUE INDEX epic_user_mentions_on_epic_id_and_note_id_index ON epic_user CREATE UNIQUE INDEX epic_user_mentions_on_epic_id_index ON epic_user_mentions USING btree (epic_id) WHERE (note_id IS NULL); +CREATE INDEX finding_evidence_header_on_finding_evidence_request_id ON vulnerability_finding_evidence_headers USING btree (vulnerability_finding_evidence_request_id); + +CREATE INDEX finding_evidence_header_on_finding_evidence_response_id ON vulnerability_finding_evidence_headers USING btree (vulnerability_finding_evidence_response_id); + CREATE INDEX finding_evidence_requests_on_finding_evidence_id ON vulnerability_finding_evidence_requests USING btree (vulnerability_finding_evidence_id); CREATE INDEX finding_evidence_responses_on_finding_evidences_id ON vulnerability_finding_evidence_responses USING btree (vulnerability_finding_evidence_id); @@ -25263,6 +25305,8 @@ CREATE TRIGGER trigger_8487d4de3e7b BEFORE INSERT OR UPDATE ON ci_builds_metadat CREATE TRIGGER trigger_91dc388a5fe6 BEFORE INSERT OR UPDATE ON ci_build_trace_sections FOR EACH ROW EXECUTE FUNCTION trigger_91dc388a5fe6(); +CREATE TRIGGER trigger_aebe8b822ad3 BEFORE INSERT OR UPDATE ON taggings FOR EACH ROW EXECUTE FUNCTION trigger_aebe8b822ad3(); + CREATE TRIGGER trigger_be1804f21693 BEFORE INSERT OR UPDATE ON ci_job_artifacts FOR EACH ROW EXECUTE FUNCTION trigger_be1804f21693(); CREATE TRIGGER trigger_cf2f9e35f002 BEFORE INSERT OR UPDATE ON ci_build_trace_chunks FOR EACH ROW EXECUTE FUNCTION trigger_cf2f9e35f002(); @@ -26710,6 +26754,9 @@ ALTER TABLE ONLY vulnerability_findings_remediations ALTER TABLE ONLY resource_iteration_events ADD CONSTRAINT fk_rails_6830c13ac1 FOREIGN KEY (merge_request_id) REFERENCES merge_requests(id) ON DELETE CASCADE; +ALTER TABLE ONLY vulnerability_finding_evidence_headers + ADD CONSTRAINT fk_rails_683b8e000c FOREIGN KEY (vulnerability_finding_evidence_response_id) REFERENCES vulnerability_finding_evidence_responses(id) ON DELETE CASCADE; + ALTER TABLE ONLY geo_hashed_storage_migrated_events ADD CONSTRAINT fk_rails_687ed7d7c5 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE; @@ -27280,6 +27327,9 @@ ALTER TABLE ONLY operations_strategies_user_lists ALTER TABLE ONLY issue_tracker_data ADD CONSTRAINT fk_rails_ccc0840427 FOREIGN KEY (service_id) REFERENCES services(id) ON DELETE CASCADE; +ALTER TABLE ONLY vulnerability_finding_evidence_headers + ADD CONSTRAINT fk_rails_ce7f121a03 FOREIGN KEY (vulnerability_finding_evidence_request_id) REFERENCES vulnerability_finding_evidence_requests(id) ON DELETE CASCADE; + ALTER TABLE ONLY resource_milestone_events ADD CONSTRAINT fk_rails_cedf8cce4d FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE SET NULL; diff --git a/lib/gitlab/background_migration/recalculate_vulnerabilities_occurrences_uuid.rb b/lib/gitlab/background_migration/recalculate_vulnerabilities_occurrences_uuid.rb index 888a12f2330..a00d291245c 100644 --- a/lib/gitlab/background_migration/recalculate_vulnerabilities_occurrences_uuid.rb +++ b/lib/gitlab/background_migration/recalculate_vulnerabilities_occurrences_uuid.rb @@ -58,6 +58,13 @@ class Gitlab::BackgroundMigration::RecalculateVulnerabilitiesOccurrencesUuid end ::Gitlab::Database::BulkUpdate.execute(%i[uuid], mappings) + + logger.info(message: 'RecalculateVulnerabilitiesOccurrencesUuid Migration: recalculation is done for:', + finding_ids: mappings.keys.pluck(:id)) + + mark_job_as_succeeded(start_id, end_id) + rescue StandardError => error + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(error) end private @@ -76,4 +83,15 @@ class Gitlab::BackgroundMigration::RecalculateVulnerabilitiesOccurrencesUuid CalculateFindingUUID.call(name) end + + def logger + @logger ||= Gitlab::BackgroundMigration::Logger.build + end + + def mark_job_as_succeeded(*arguments) + Gitlab::Database::BackgroundMigrationJob.mark_all_as_succeeded( + 'RecalculateVulnerabilitiesOccurrencesUuid', + arguments + ) + end end diff --git a/lib/gitlab/content_security_policy/config_loader.rb b/lib/gitlab/content_security_policy/config_loader.rb index 6f6147f0f32..ef6fda5a505 100644 --- a/lib/gitlab/content_security_policy/config_loader.rb +++ b/lib/gitlab/content_security_policy/config_loader.rb @@ -14,7 +14,6 @@ module Gitlab 'directives' => { 'default_src' => "'self'", 'base_uri' => "'self'", - 'child_src' => "'none'", 'connect_src' => "'self'", 'font_src' => "'self'", 'form_action' => "'self' https: http:", @@ -31,6 +30,11 @@ module Gitlab } } + # frame-src was deprecated in CSP level 2 in favor of child-src + # CSP level 3 "undeprecated" frame-src and browsers fall back on child-src if it's missing + # However Safari seems to read child-src first so we'll just keep both equal + settings_hash['directives']['child_src'] = settings_hash['directives']['frame_src'] + allow_webpack_dev_server(settings_hash) if Rails.env.development? allow_cdn(settings_hash) if ENV['GITLAB_CDN_HOST'].present? diff --git a/lib/tasks/gitlab/docs/redirect.rake b/lib/tasks/gitlab/docs/redirect.rake index bb5dad94a8f..71e0b6ab2c5 100644 --- a/lib/tasks/gitlab/docs/redirect.rake +++ b/lib/tasks/gitlab/docs/redirect.rake @@ -112,13 +112,12 @@ namespace :gitlab do # The remove_date of redirects.yaml should be nine months in the future. # To not be confused with the remove_date of the Markdown page. # - if remove_date < today - File.delete(filename) if File.exist?(filename) + next unless remove_date < today - puts " - from: #{old_path}" - puts " to: #{new_path(frontmatter['redirect_to'], filename)}" - puts " remove_date: #{remove_date >> 9}" - end + File.delete(filename) if File.exist?(filename) + puts " - from: #{old_path}" + puts " to: #{new_path(frontmatter['redirect_to'], filename)}" + puts " remove_date: #{remove_date >> 9}" end end end diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 2b0403eb83f..eb6108a8268 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -16295,6 +16295,9 @@ msgstr "" msgid "Hashed storage can't be disabled anymore for new projects" msgstr "" +msgid "Header cannot be associated with both a request and a response" +msgstr "" + msgid "Header logo" msgstr "" @@ -16307,6 +16310,9 @@ msgstr "" msgid "Header message" msgstr "" +msgid "Header must be associated with a request or response" +msgstr "" + msgid "Headings" msgstr "" diff --git a/spec/frontend/vue_shared/alert_details/sidebar/alert_sidebar_assignees_spec.js b/spec/frontend/vue_shared/alert_details/sidebar/alert_sidebar_assignees_spec.js index db9b0930c06..9ae45071f45 100644 --- a/spec/frontend/vue_shared/alert_details/sidebar/alert_sidebar_assignees_spec.js +++ b/spec/frontend/vue_shared/alert_details/sidebar/alert_sidebar_assignees_spec.js @@ -21,6 +21,7 @@ describe('Alert Details Sidebar Assignees', () => { id: 1, name: 'User 1', username: 'root', + webUrl: 'https://gitlab:3443/root', }, { avatar_url: @@ -28,6 +29,7 @@ describe('Alert Details Sidebar Assignees', () => { id: 2, name: 'User 2', username: 'not-root', + webUrl: 'https://gitlab:3443/non-root', }, ]; @@ -128,7 +130,7 @@ describe('Alert Details Sidebar Assignees', () => { variables: { iid: '1527542', assigneeUsernames: ['root'], - projectPath: 'projectPath', + fullPath: 'projectPath', }, }); }); @@ -137,7 +139,7 @@ describe('Alert Details Sidebar Assignees', () => { wrapper.setData({ isDropdownSearching: false }); const errorMutationResult = { data: { - alertSetAssignees: { + issuableSetAssignees: { errors: ['There was a problem for sure.'], alert: {}, }, diff --git a/spec/lib/gitlab/background_migration/recalculate_vulnerabilities_occurrences_uuid_spec.rb b/spec/lib/gitlab/background_migration/recalculate_vulnerabilities_occurrences_uuid_spec.rb index 990ef4fbe6a..70906961641 100644 --- a/spec/lib/gitlab/background_migration/recalculate_vulnerabilities_occurrences_uuid_spec.rb +++ b/spec/lib/gitlab/background_migration/recalculate_vulnerabilities_occurrences_uuid_spec.rb @@ -73,6 +73,14 @@ RSpec.describe Gitlab::BackgroundMigration::RecalculateVulnerabilitiesOccurrence expect(vulnerabilities_findings.pluck(:uuid)).to eq([desired_uuid_v5]) end + + it 'logs recalculation' do + expect_next_instance_of(Gitlab::BackgroundMigration::Logger) do |instance| + expect(instance).to receive(:info).once + end + + subject + end end context "when finding has a UUIDv5" do @@ -99,6 +107,32 @@ RSpec.describe Gitlab::BackgroundMigration::RecalculateVulnerabilitiesOccurrence end end + context 'when recalculation fails' do + before do + @uuid_v4 = create_finding!( + vulnerability_id: vulnerability_for_uuidv4.id, + project_id: project.id, + scanner_id: different_scanner.id, + primary_identifier_id: different_vulnerability_identifier.id, + report_type: 0, # "sast" + location_fingerprint: "fa18f432f1d56675f4098d318739c3cd5b14eb3e", + uuid: known_uuid_v4 + ) + + allow(Gitlab::ErrorTracking).to receive(:track_and_raise_for_dev_exception) + allow(::Gitlab::Database::BulkUpdate).to receive(:execute).and_raise(expected_error) + end + + let(:finding) { @uuid_v4 } + let(:expected_error) { RuntimeError.new } + + it 'captures the errors and does not crash entirely' do + expect { subject }.not_to raise_error + + expect(Gitlab::ErrorTracking).to have_received(:track_and_raise_for_dev_exception).with(expected_error).once + end + end + private def create_vulnerability!(project_id:, author_id:, title: 'test', severity: 7, confidence: 7, report_type: 0) diff --git a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb index 41a6c06f9c9..3ae780e16f5 100644 --- a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb +++ b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb @@ -35,6 +35,7 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do expect(directives.has_key?('report_uri')).to be_truthy expect(directives['report_uri']).to be_nil + expect(directives['child_src']).to eq(directives['frame_src']) end context 'when GITLAB_CDN_HOST is set' do diff --git a/spec/migrations/schedule_recalculate_uuid_on_vulnerabilities_occurrences2_spec.rb b/spec/migrations/schedule_recalculate_uuid_on_vulnerabilities_occurrences2_spec.rb new file mode 100644 index 00000000000..e7d1813e428 --- /dev/null +++ b/spec/migrations/schedule_recalculate_uuid_on_vulnerabilities_occurrences2_spec.rb @@ -0,0 +1,127 @@ +# frozen_string_literal: true + +require 'spec_helper' +require_migration! + +RSpec.describe ScheduleRecalculateUuidOnVulnerabilitiesOccurrences2 do + let(:namespace) { table(:namespaces).create!(name: 'user', path: 'user') } + let(:users) { table(:users) } + let(:user) { create_user! } + let(:project) { table(:projects).create!(id: 123, namespace_id: namespace.id) } + let(:scanners) { table(:vulnerability_scanners) } + let(:scanner) { scanners.create!(project_id: project.id, external_id: 'test 1', name: 'test scanner 1') } + let(:different_scanner) { scanners.create!(project_id: project.id, external_id: 'test 2', name: 'test scanner 2') } + let(:vulnerabilities) { table(:vulnerabilities) } + let(:vulnerabilities_findings) { table(:vulnerability_occurrences) } + let(:vulnerability_identifiers) { table(:vulnerability_identifiers) } + let(:vulnerability_identifier) do + vulnerability_identifiers.create!( + project_id: project.id, + external_type: 'uuid-v5', + external_id: 'uuid-v5', + fingerprint: '7e394d1b1eb461a7406d7b1e08f057a1cf11287a', + name: 'Identifier for UUIDv5') + end + + let(:different_vulnerability_identifier) do + vulnerability_identifiers.create!( + project_id: project.id, + external_type: 'uuid-v4', + external_id: 'uuid-v4', + fingerprint: '772da93d34a1ba010bcb5efa9fb6f8e01bafcc89', + name: 'Identifier for UUIDv4') + end + + let(:vulnerability_for_uuidv4) do + create_vulnerability!( + project_id: project.id, + author_id: user.id + ) + end + + let(:vulnerability_for_uuidv5) do + create_vulnerability!( + project_id: project.id, + author_id: user.id + ) + end + + let!(:finding1) do + create_finding!( + vulnerability_id: vulnerability_for_uuidv4.id, + project_id: project.id, + scanner_id: different_scanner.id, + primary_identifier_id: different_vulnerability_identifier.id, + location_fingerprint: 'fa18f432f1d56675f4098d318739c3cd5b14eb3e', + uuid: 'b3cc2518-5446-4dea-871c-89d5e999c1ac' + ) + end + + let!(:finding2) do + create_finding!( + vulnerability_id: vulnerability_for_uuidv5.id, + project_id: project.id, + scanner_id: scanner.id, + primary_identifier_id: vulnerability_identifier.id, + location_fingerprint: '838574be0210968bf6b9f569df9c2576242cbf0a', + uuid: '77211ed6-7dff-5f6b-8c9a-da89ad0a9b60' + ) + end + + before do + stub_const("#{described_class}::BATCH_SIZE", 1) + end + + around do |example| + freeze_time { Sidekiq::Testing.fake! { example.run } } + end + + it 'schedules background migrations', :aggregate_failures do + migrate! + + expect(BackgroundMigrationWorker.jobs.size).to eq(2) + expect(described_class::MIGRATION).to be_scheduled_delayed_migration(2.minutes, finding1.id, finding1.id) + expect(described_class::MIGRATION).to be_scheduled_delayed_migration(4.minutes, finding2.id, finding2.id) + end + + private + + def create_vulnerability!(project_id:, author_id:, title: 'test', severity: 7, confidence: 7, report_type: 0) + vulnerabilities.create!( + project_id: project_id, + author_id: author_id, + title: title, + severity: severity, + confidence: confidence, + report_type: report_type + ) + end + + def create_finding!( + vulnerability_id:, project_id:, scanner_id:, primary_identifier_id:, location_fingerprint:, uuid:) + vulnerabilities_findings.create!( + vulnerability_id: vulnerability_id, + project_id: project_id, + name: 'test', + severity: 7, + confidence: 7, + report_type: 0, + project_fingerprint: '123qweasdzxc', + scanner_id: scanner_id, + primary_identifier_id: primary_identifier_id, + location_fingerprint: location_fingerprint, + metadata_version: 'test', + raw_metadata: 'test', + uuid: uuid + ) + end + + def create_user!(name: "Example User", email: "user@example.com", user_type: nil) + users.create!( + name: name, + email: email, + username: name, + projects_limit: 0 + ) + end +end diff --git a/spec/models/ci/runner_spec.rb b/spec/models/ci/runner_spec.rb index 4fd76390e49..9f299b78a8a 100644 --- a/spec/models/ci/runner_spec.rb +++ b/spec/models/ci/runner_spec.rb @@ -919,29 +919,13 @@ RSpec.describe Ci::Runner do end end - context 'build picking improvement enabled' do - before do - stub_feature_flags(ci_reduce_queries_when_ticking_runner_queue: true) - end - + context 'build picking improvement' do it 'does not check if the build is assignable to a runner' do expect(runner).not_to receive(:can_pick?) runner.pick_build!(build) end end - - context 'build picking improvement disabled' do - before do - stub_feature_flags(ci_reduce_queries_when_ticking_runner_queue: false) - end - - it 'checks if the build is assignable to a runner' do - expect(runner).to receive(:can_pick?).and_call_original - - runner.pick_build!(build) - end - end end describe 'project runner without projects is destroyable' do diff --git a/spec/services/ci/update_build_queue_service_spec.rb b/spec/services/ci/update_build_queue_service_spec.rb index 337090e6366..5458280ad9d 100644 --- a/spec/services/ci/update_build_queue_service_spec.rb +++ b/spec/services/ci/update_build_queue_service_spec.rb @@ -129,19 +129,6 @@ RSpec.describe Ci::UpdateBuildQueueService do subject.tick(build) end - - context 'when feature flag ci_reduce_queries_when_ticking_runner_queue is disabled' do - before do - stub_feature_flags(ci_reduce_queries_when_ticking_runner_queue: false) - stub_feature_flags(ci_runners_short_circuit_assignable_for: false) - end - - it 'runs redundant queries using `owned_or_instance_wide` scope' do - expect(Ci::Runner).to receive(:owned_or_instance_wide).and_call_original - - subject.tick(build) - end - end end end @@ -218,10 +205,9 @@ RSpec.describe Ci::UpdateBuildQueueService do let!(:build) { create(:ci_build, pipeline: pipeline, tag_list: %w[a b]) } let!(:project_runner) { create(:ci_runner, :project, :online, projects: [project], tag_list: %w[a b c]) } - context 'when ci_preload_runner_tags and ci_reduce_queries_when_ticking_runner_queue are enabled' do + context 'when ci_preload_runner_tags is enabled' do before do stub_feature_flags( - ci_reduce_queries_when_ticking_runner_queue: true, ci_preload_runner_tags: true ) end @@ -235,10 +221,9 @@ RSpec.describe Ci::UpdateBuildQueueService do end end - context 'when ci_preload_runner_tags and ci_reduce_queries_when_ticking_runner_queue are disabled' do + context 'when ci_preload_runner_tags are disabled' do before do stub_feature_flags( - ci_reduce_queries_when_ticking_runner_queue: false, ci_preload_runner_tags: false ) end |