53 files changed, 265 insertions, 158 deletions
diff --git a/app/models/ci/pipeline.rb b/app/models/ci/pipeline.rb index 1f147266fee..ef23987918a 100644 --- a/app/models/ci/pipeline.rb +++ b/app/models/ci/pipeline.rb @@ -1340,13 +1340,15 @@ module Ci persistent_ref.create end + # For dependent bridge jobs we reset the upstream bridge recursively + # to reflect that a downstream pipeline is running again def reset_source_bridge!(current_user) # break recursion when no source_pipeline bridge (first upstream pipeline) return unless bridge_waiting? return unless current_user.can?(:update_pipeline, source_bridge.pipeline) source_bridge.pending! - Ci::AfterRequeueJobService.new(project, current_user).execute(source_bridge) # rubocop:disable CodeReuse/ServiceClass + Ci::ResetSkippedJobsService.new(project, current_user).execute(source_bridge) # rubocop:disable CodeReuse/ServiceClass end # EE-only diff --git a/app/models/ci/runner.rb b/app/models/ci/runner.rb index d3ceec7ae36..a7f3ff938c3 100644 --- a/app/models/ci/runner.rb +++ b/app/models/ci/runner.rb @@ -69,7 +69,6 @@ module Ci TAG_LIST_MAX_LENGTH = 50 has_many :builds - has_many :running_builds, inverse_of: :runner, class_name: 'Ci::RunningBuild' has_many :runner_projects, inverse_of: :runner, autosave: true, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent has_many :projects, through: :runner_projects, disable_joins: true has_many :runner_namespaces, inverse_of: :runner, autosave: true @@ -91,9 +90,7 @@ module Ci scope :with_recent_runner_queue, -> { where('contacted_at > ?', recent_queue_deadline) } scope :with_running_builds, -> do - where('EXISTS(?)', - ::Ci::RunningBuild.select(1) - .where('ci_running_builds.runner_id = ci_runners.id')) + where('EXISTS(?)', ::Ci::Build.running.select(1).where('ci_builds.runner_id = ci_runners.id')) end # BACKWARD COMPATIBILITY: There are needed to maintain compatibility with `AVAILABLE_SCOPES` used by `lib/api/runners.rb` 
diff --git a/app/models/concerns/has_user_type.rb b/app/models/concerns/has_user_type.rb index b5352db5a56..8e371f2a9c1 100644 --- a/app/models/concerns/has_user_type.rb +++ b/app/models/concerns/has_user_type.rb @@ -14,11 +14,10 @@ module HasUserType migration_bot: 7, security_bot: 8, automation_bot: 9, - security_policy_bot: 10, admin_bot: 11 }.with_indifferent_access.freeze - BOT_USER_TYPES = %w[alert_bot project_bot support_bot visual_review_bot migration_bot security_bot automation_bot security_policy_bot admin_bot].freeze + BOT_USER_TYPES = %w[alert_bot project_bot support_bot visual_review_bot migration_bot security_bot automation_bot admin_bot].freeze NON_INTERNAL_USER_TYPES = %w[human project_bot service_user].freeze INTERNAL_USER_TYPES = (USER_TYPES.keys - NON_INTERNAL_USER_TYPES).freeze diff --git a/app/models/namespace.rb b/app/models/namespace.rb index 47fd39e8b96..35502b429d0 100644 --- a/app/models/namespace.rb +++ b/app/models/namespace.rb @@ -330,6 +330,13 @@ class Namespace < ApplicationRecord type.nil? || type == Namespaces::UserNamespace.sti_name || !(group_namespace? || project_namespace?) end + def bot_user_namespace? + return false unless user_namespace? + return false unless owner && owner.bot? + + true + end + def owner_required? user_namespace? end diff --git a/app/models/user.rb b/app/models/user.rb index 0916a89e4d2..9b5583b0e0a 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -896,16 +896,6 @@ class User < ApplicationRecord end end - def security_policy_bot - email_pattern = "security-policy-bot%s@#{Settings.gitlab.host}" - - unique_internal(where(user_type: :security_policy_bot), 'security-policy-bot', email_pattern) do |u| - u.bio = 'System bot that creates pipelines for security orchestration policies' - u.name = 'GitLab Security Policy Bot' - u.avatar = bot_avatar(image: 'security-bot.png') - end - end - def admin_bot email_pattern = "admin-bot%s@#{Settings.gitlab.host}" 
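Review bot: In app/models/concerns/has_user_type.rb, removing `security_policy_bot: 10` from `USER_TYPES` leaves the integer 10 unmapped, and nothing in the hunk records that it was once in use. If any `users` rows were ever written with that value (not visible here), they lose their bot classification, and a future entry that reuses 10 would silently reclassify them as a different account type. I would mark the gap with a comment such as `# 10 was security_policy_bot (removed); do not reuse` and confirm that no rows hold the value before this ships. The module body continues outside the hunk.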
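Review bot: In app/models/namespace.rb, the new `bot_user_namespace?` is the predicate behind an authorization rule (the `prevent :create_projects` rule added to user_namespace_policy.rb in this diff), but nothing on the method says so. I would add a comment above it such as `# Used by the user namespace policy to block project creation in namespaces owned by bot users`. The two guard clauses can also be collapsed to `user_namespace? && !!owner&.bot?`, which keeps the strict boolean return. The result depends entirely on what `owner.bot?` covers; that definition is outside this hunk, so it is worth confirming it includes every account type that a group or project access token can act as.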
diff --git a/app/policies/base_policy.rb b/app/policies/base_policy.rb index 2f0073c00e4..f8e7a912896 100644 --- a/app/policies/base_policy.rb +++ b/app/policies/base_policy.rb @@ -27,10 +27,6 @@ class BasePolicy < DeclarativePolicy::Base with_options scope: :user, score: 0 condition(:security_bot) { @user&.security_bot? } - desc "User is security policy bot" - with_options scope: :user, score: 0 - condition(:security_policy_bot) { @user&.security_policy_bot? } - desc "User is automation bot" with_options scope: :user, score: 0 condition(:automation_bot) { @user&.automation_bot? } diff --git a/app/policies/concerns/policy_actor.rb b/app/policies/concerns/policy_actor.rb index e000f1514e5..8fa09683b06 100644 --- a/app/policies/concerns/policy_actor.rb +++ b/app/policies/concerns/policy_actor.rb @@ -53,10 +53,6 @@ module PolicyActor false end - def security_policy_bot? - false - end - def automation_bot? false end diff --git a/app/policies/namespaces/user_namespace_policy.rb b/app/policies/namespaces/user_namespace_policy.rb index 89158578ac1..1deeae8241f 100644 --- a/app/policies/namespaces/user_namespace_policy.rb +++ b/app/policies/namespaces/user_namespace_policy.rb @@ -5,6 +5,7 @@ module Namespaces rule { anonymous }.prevent_all condition(:can_create_personal_project, scope: :user) { @user.can_create_project? } + condition(:bot_user_namespace) { @subject.bot_user_namespace? } condition(:owner) { @subject.owner == @user } rule { owner | admin }.policy do @@ -21,6 +22,8 @@ module Namespaces rule { ~can_create_personal_project }.prevent :create_projects + rule { bot_user_namespace }.prevent :create_projects + rule { (owner | admin) & can?(:create_projects) }.enable :transfer_projects end end diff --git a/app/services/ci/play_bridge_service.rb b/app/services/ci/play_bridge_service.rb index a719467253e..897f54ee712 100644 --- a/app/services/ci/play_bridge_service.rb +++ b/app/services/ci/play_bridge_service.rb 
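Review bot: In app/policies/namespaces/user_namespace_policy.rb, `condition(:bot_user_namespace) { @subject.bot_user_namespace? }` reads only the subject but is declared without a scope, unlike `can_create_personal_project` one line above, which passes `scope: :user`. Declaring it as `condition(:bot_user_namespace, scope: :subject) { @subject.bot_user_namespace? }` lets DeclarativePolicy cache the result per namespace rather than per user/namespace pair. The second hunk's `rule { bot_user_namespace }.prevent :create_projects` also deserves a short comment saying the denial is deliberate for admins too: a `prevent` wins over any `enable`, and `transfer_projects` is gated on `can?(:create_projects)`, so both abilities are denied on bot-owned namespaces. The policy class continues outside both hunks.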
@@ -9,7 +9,7 @@ module Ci bridge.user = current_user bridge.enqueue! - AfterRequeueJobService.new(project, current_user).execute(bridge) + ResetSkippedJobsService.new(project, current_user).execute(bridge) end end diff --git a/app/services/ci/play_build_service.rb b/app/services/ci/play_build_service.rb index b7aec57f3e3..4f474cf506c 100644 --- a/app/services/ci/play_build_service.rb +++ b/app/services/ci/play_build_service.rb @@ -10,7 +10,7 @@ module Ci build.job_variables_attributes = job_variables_attributes || [] build.enqueue! - AfterRequeueJobService.new(project, current_user).execute(build) + ResetSkippedJobsService.new(project, current_user).execute(build) build else diff --git a/app/services/ci/after_requeue_job_service.rb b/app/services/ci/reset_skipped_jobs_service.rb index 4374ccd52e0..eb809b0162c 100644 --- a/app/services/ci/after_requeue_job_service.rb +++ b/app/services/ci/reset_skipped_jobs_service.rb @@ -1,7 +1,9 @@ # frozen_string_literal: true module Ci - class AfterRequeueJobService < ::BaseService + # This service resets skipped jobs so they can be processed again. + # It affects the jobs that depend on the passed in job parameter. + class ResetSkippedJobsService < ::BaseService def execute(processable) @processable = processable diff --git a/app/services/ci/retry_job_service.rb b/app/services/ci/retry_job_service.rb index f63e5828fab..da0e80dfed7 100644 --- a/app/services/ci/retry_job_service.rb +++ b/app/services/ci/retry_job_service.rb @@ -64,7 +64,7 @@ module Ci next if new_job.failed? - AfterRequeueJobService.new(project, current_user).execute(job) + ResetSkippedJobsService.new(project, current_user).execute(job) Ci::PipelineCreation::StartPipelineService.new(job.pipeline).execute new_job.reset diff --git a/app/views/profiles/preferences/show.html.haml b/app/views/profiles/preferences/show.html.haml index c11e7c6ea32..be9140b23ff 100644 --- a/app/views/profiles/preferences/show.html.haml +++ b/app/views/profiles/preferences/show.html.haml 
@@ -147,6 +147,21 @@ = f.select :first_day_of_week, first_day_of_week_choices_with_default, {}, class: 'gl-form-select custom-select' .col-sm-12 %hr + - if Feature.enabled?(:vscode_web_ide, current_user) + .row.js-preferences-form.js-search-settings-section + .col-lg-4.profile-settings-sidebar#web-ide + %h4.gl-mt-0 + = s_('Preferences|Web IDE') + %p + = s_('Preferences|Choose which Web IDE version you want to use.') + = link_to _('Learn more'), help_page_path('user/profile/preferences', anchor: 'web-ide'), target: '_blank', rel: 'noopener noreferrer' + .col-lg-8 + .form-group + = f.gitlab_ui_checkbox_component :use_legacy_web_ide, + s_('Preferences|Use legacy Web IDE'), + help_text: s_('Preferences|The legacy Web IDE remains available while the new Web IDE is in Beta.') + .col-sm-12 + %hr .row.js-preferences-form.js-search-settings-section .col-lg-4.profile-settings-sidebar#time-preferences %h4.gl-mt-0 diff --git a/config/feature_flags/development/ban_user_feature_flag.yml b/config/feature_flags/development/ban_user_feature_flag.yml index d06a0668549..74aee3f46f8 100644 --- a/config/feature_flags/development/ban_user_feature_flag.yml +++ b/config/feature_flags/development/ban_user_feature_flag.yml @@ -4,5 +4,5 @@ introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/61292 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/330667 milestone: '13.12' type: development -group: group::access +group: group::authentication and authorization default_enabled: true diff --git a/config/feature_flags/development/forti_authenticator.yml b/config/feature_flags/development/forti_authenticator.yml index f3360d136ec..63e780ccc64 100644 --- a/config/feature_flags/development/forti_authenticator.yml +++ b/config/feature_flags/development/forti_authenticator.yml 
@@ -1,8 +1,8 @@ --- name: forti_authenticator introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/45055 -rollout_issue_url: +rollout_issue_url: milestone: '13.5' type: development -group: group::access +group: group::authentication and authorization default_enabled: false diff --git a/config/feature_flags/development/forti_token_cloud.yml b/config/feature_flags/development/forti_token_cloud.yml index 10f143ca912..5bf350c9b33 100644 --- a/config/feature_flags/development/forti_token_cloud.yml +++ b/config/feature_flags/development/forti_token_cloud.yml @@ -4,5 +4,5 @@ introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/49089 rollout_issue_url: milestone: '13.7' type: development -group: group::access +group: group::authentication and authorization default_enabled: false diff --git a/config/feature_flags/development/linear_project_ancestors.yml b/config/feature_flags/development/linear_project_ancestors.yml index 28c8fbcbf59..00b04b20b30 100644 --- a/config/feature_flags/development/linear_project_ancestors.yml +++ b/config/feature_flags/development/linear_project_ancestors.yml @@ -4,5 +4,5 @@ introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68072 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/338403 milestone: '14.2' type: development -group: group::access +group: group::authentication and authorization default_enabled: false diff --git a/config/feature_flags/development/linear_user_manageable_groups.yml b/config/feature_flags/development/linear_user_manageable_groups.yml index e5822fc3d7d..8d59d689f6e 100644 --- a/config/feature_flags/development/linear_user_manageable_groups.yml +++ b/config/feature_flags/development/linear_user_manageable_groups.yml 
@@ -4,5 +4,5 @@ introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68845 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/339434 milestone: '14.3' type: development -group: group::access +group: group::authentication and authorization default_enabled: false diff --git a/config/feature_flags/development/project_list_filter_bar.yml b/config/feature_flags/development/project_list_filter_bar.yml index 29d5d67af95..86b8a61b1e4 100644 --- a/config/feature_flags/development/project_list_filter_bar.yml +++ b/config/feature_flags/development/project_list_filter_bar.yml @@ -4,5 +4,5 @@ introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/11209 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/321404 milestone: '11.11' type: development -group: group::access +group: group::authentication and authorization default_enabled: false diff --git a/config/feature_flags/development/specialized_worker_for_group_lock_update_auth_recalculation.yml b/config/feature_flags/development/specialized_worker_for_group_lock_update_auth_recalculation.yml index 820e6cafb41..aa8e243e89e 100644 --- a/config/feature_flags/development/specialized_worker_for_group_lock_update_auth_recalculation.yml +++ b/config/feature_flags/development/specialized_worker_for_group_lock_update_auth_recalculation.yml @@ -4,5 +4,5 @@ introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66525 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/336592 milestone: '14.2' type: development -group: group::access +group: group::authentication and authorization default_enabled: false diff --git a/config/feature_flags/development/two_factor_for_cli.yml b/config/feature_flags/development/two_factor_for_cli.yml index e442bb035cf..341f06d9ffa 100644 --- a/config/feature_flags/development/two_factor_for_cli.yml +++ b/config/feature_flags/development/two_factor_for_cli.yml 
@@ -1,8 +1,8 @@ --- name: two_factor_for_cli introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/39703 -rollout_issue_url: +rollout_issue_url: milestone: '13.5' type: development -group: group::access +group: group::authentication and authorization default_enabled: false diff --git a/config/feature_flags/development/user_time_settings.yml b/config/feature_flags/development/user_time_settings.yml index 098b96e97f0..bd2b94fe015 100644 --- a/config/feature_flags/development/user_time_settings.yml +++ b/config/feature_flags/development/user_time_settings.yml @@ -4,5 +4,5 @@ introduced_by_url: https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/25 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/321407 milestone: '11.11' type: development -group: group::access +group: group::authentication and authorization default_enabled: false diff --git a/config/feature_flags/development/webauthn.yml b/config/feature_flags/development/webauthn.yml index 135d4af2465..6bd4fc95020 100644 --- a/config/feature_flags/development/webauthn.yml +++ b/config/feature_flags/development/webauthn.yml @@ -4,5 +4,5 @@ introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/26692 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/232671 milestone: '13.4' type: development -group: group::access +group: group::authentication and authorization default_enabled: true diff --git a/config/feature_flags/ops/block_password_auth_for_saml_users.yml b/config/feature_flags/ops/block_password_auth_for_saml_users.yml index 492c00f2dd5..d84d8b5133b 100644 --- a/config/feature_flags/ops/block_password_auth_for_saml_users.yml +++ b/config/feature_flags/ops/block_password_auth_for_saml_users.yml @@ -4,5 +4,5 @@ introduced_by_url: rollout_issue_url: milestone: '13.11' type: ops -group: group::access +group: group::authentication and authorization default_enabled: false 
diff --git a/config/feature_flags/ops/dynamic_nonce.yml b/config/feature_flags/ops/dynamic_nonce.yml index 6a63eda8862..ad8c63f9fa3 100644 --- a/config/feature_flags/ops/dynamic_nonce.yml +++ b/config/feature_flags/ops/dynamic_nonce.yml @@ -4,5 +4,5 @@ introduced_by_url: rollout_issue_url: milestone: '14.0' type: ops -group: group::access +group: group::authentication and authorization default_enabled: false diff --git a/config/feature_flags/ops/recaptcha_on_top_level_group_creation.yml b/config/feature_flags/ops/recaptcha_on_top_level_group_creation.yml index 3ee8538b4fd..e01dd2b566c 100644 --- a/config/feature_flags/ops/recaptcha_on_top_level_group_creation.yml +++ b/config/feature_flags/ops/recaptcha_on_top_level_group_creation.yml @@ -4,5 +4,5 @@ introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/56707 rollout_issue_url: milestone: '13.11' type: ops -group: group::access +group: group::authentication and authorization default_enabled: false diff --git a/data/deprecations/16-0-post-ci-lint.yml b/data/deprecations/16-0-post-ci-lint.yml index 6e7d75b77b0..cb2570ee255 100644 --- a/data/deprecations/16-0-post-ci-lint.yml +++ b/data/deprecations/16-0-post-ci-lint.yml 
@@ -19,7 +19,7 @@ - title: "`POST ci/lint` API endpoint deprecated" # (required) The name of the feature to be deprecated announcement_milestone: "15.7" # (required) The milestone when this feature was first announced as deprecated. announcement_date: "2022-11-22" # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post. - removal_milestone: "16.00" # (required) The milestone when this feature is planned to be removed + removal_milestone: "16.0" # (required) The milestone when this feature is planned to be removed removal_date: 2021-03-22 # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post. breaking_change: true # (required) If this deprecation is a breaking change, set this value to true reporter: dhershkovitch # (required) GitLab username of the person reporting the deprecation diff --git a/doc/api/import.md b/doc/api/import.md index e5c69e08cc0..427a3df763b 100644 --- a/doc/api/import.md +++ b/doc/api/import.md 
@@ -64,16 +64,10 @@ Example response: ### Import a public project through the API using a group access token When you import a project from GitHub to GitLab through the API using a group access -token, the GitLab project inherits the original project's visibility settings. -The API imports the project into the bot account's namespace and makes the project -publicly accessible if the: +token: -- Original project is public. -- `path` or `target_namespace` do not exist. - -Because the project cannot be deleted by an end user with a valid token, this -could be a security risk. Make sure the `path` or `target_namespace` exist before -importing a public project from GitHub into GitLab. +- The GitLab project inherits the original project's visibility settings. As a result, the project is publicly accessible if the original project is public. +- If the `path` or `target_namespace` does not exist, the project import fails. ## Cancel GitHub project import diff --git a/doc/development/contributing/design.md b/doc/development/contributing/design.md index e6b6b56cf73..b8d7a8eef39 100644 --- a/doc/development/contributing/design.md +++ b/doc/development/contributing/design.md 
@@ -24,8 +24,17 @@ screenshots (or videos) of your changes in the description, as explained in our [MR workflow](merge_request_workflow.md). These screenshots/videos are very helpful for all reviewers and can speed up the review process, especially if the changes are small. -- Attach the ~UX label to any merge request that impacts the user experience. This will enable Product Designers to [review](https://about.gitlab.com/handbook/product/ux/product-designer/mr-reviews/#stage-group-mrs/) any user facing changes. -- Assign the Product Designer suggested by Reviewer Roulette as the reviewer of your merge request. The reviewer does not have to be the domain expert unless this is a community contribution. +- Attach the ~UX label to any merge request that has any user facing changes. This will trigger our +Reviewer Roulette to suggest a UX [reviewer](https://about.gitlab.com/handbook/product/ux/product-designer/mr-reviews/#stage-group-mrs). + +If you are a **team member**: We recommend assigning the Product Designer suggested by the +[Reviewer Roulette](../code_review.md#reviewer-roulette) as reviewer. [This helps us](https://about.gitlab.com/handbook/product/ux/product-designer/mr-reviews/#benefits) spread work evenly, improve communication, and make our UI more +consistent. If you have a reason to choose a different reviewer, add a comment to mention you assigned +it to a Product Designer of your choice. + +If you are a **community contributor**: We favor choosing the Product Designer that is a +[domain expert](../code_review.md#domain-experts) in the area you are contributing, to regardless +of the Reviewer Roulette. ## Checklist diff --git a/doc/development/documentation/topic_types/index.md b/doc/development/documentation/topic_types/index.md index 8e8c474ce3c..9648fc8fe0f 100644 --- a/doc/development/documentation/topic_types/index.md +++ b/doc/development/documentation/topic_types/index.md 
@@ -66,9 +66,9 @@ Some pages are solely a list of links to other documentation. We do not encourage this page type. Lists of links can get out-of-date quickly and offer little value to users, who prefer to search to find information. -## Topic text guidelines +## Topic title guidelines -In general, for topic text: +In general, for topic titles: - Be clear and direct. Make every word count. - Use articles and prepositions. diff --git a/doc/development/documentation/workflow.md b/doc/development/documentation/workflow.md index 9d8d25607c8..e591f0e2c09 100644 --- a/doc/development/documentation/workflow.md +++ b/doc/development/documentation/workflow.md @@ -77,7 +77,7 @@ A member of the Technical Writing team adds these labels: - The [`~Technical Writing` team label](../contributing/issue_workflow.md#team-labels). - A type label: either `~"type::feature"` or `~"type::maintenance"`. -### Reviewing and merging +## Reviewing and merging Anyone with the Maintainer role to the relevant GitLab project can merge documentation changes. Maintainers must make a good-faith effort to ensure that the content: 
@@ -111,13 +111,24 @@ The process involves the following: The process is reflected in the **Documentation** [merge request template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/merge_request_templates/Documentation.md). -## Other ways to help +### Before merging -If you have ideas for further documentation resources please -[create an issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Documentation) -using the Documentation template. +Ensure the following if skipping an initial Technical Writer review: + +- [Product badges](styleguide/index.md#product-tier-badges) are applied. +- The GitLab [version](versions.md) that + introduced the feature is included. +- Changes to topic titles don't affect in-app hyperlinks. +- Specific [user permissions](../../user/permissions.md) are documented. +- New documents are linked from higher-level indexes, for discoverability. +- The style guide is followed: + - For [directories and files](site_architecture/folder_structure.md). + - For [images](styleguide/index.md#images). + +Merge requests that change the location of documentation must always be reviewed by a Technical +Writer before merging. -## Post-merge reviews +### Post-merge reviews If not assigned to a Technical Writer for review prior to merging, a review must be scheduled immediately after merge by the developer or maintainer. For this, 
@@ -146,19 +157,8 @@ Remember: - The Technical Writer can also help decide that documentation can be merged without Technical writer review, with the review to occur soon after merge. -### Before merging - -Ensure the following if skipping an initial Technical Writer review: - -- [Product badges](styleguide/index.md#product-tier-badges) are applied. -- The GitLab [version](versions.md) that - introduced the feature is included. -- Changes to topic titles don't affect in-app hyperlinks. -- Specific [user permissions](../../user/permissions.md) are documented. -- New documents are linked from higher-level indexes, for discoverability. -- The style guide is followed: - - For [directories and files](site_architecture/folder_structure.md). - - For [images](styleguide/index.md#images). +## Other ways to help -Merge requests that change the location of documentation must always be reviewed by a Technical -Writer before merging. +If you have ideas for further documentation resources please +[create an issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Documentation) +using the Documentation template. diff --git a/doc/install/docker.md b/doc/install/docker.md index 11525842c6e..51ff1f02ba5 100644 --- a/doc/install/docker.md +++ b/doc/install/docker.md @@ -263,7 +263,7 @@ Here's an example that deploys GitLab with four runners as a [stack](https://doc 1. Create a `root_password.txt` file: ```plaintext - MySuperSecretAndSecurePass0rd! + MySuperSecretAndSecurePassw0rd! ``` 1. Make sure you are in the same directory as `docker-compose.yml` and run: diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md index 1bf6f419ccc..e4bcf634478 100644 --- a/doc/update/deprecations.md +++ b/doc/update/deprecations.md 
@@ -113,11 +113,11 @@ From GitLab 16.0 and later, the runner registration methods implemented by the n </div> -<div class="deprecation removal-1600 breaking-change"> +<div class="deprecation removal-160 breaking-change"> ### `POST ci/lint` API endpoint deprecated -Planned removal: GitLab <span class="removal-milestone">16.00</span> (2021-03-22) +Planned removal: GitLab <span class="removal-milestone">16.0</span> (2021-03-22) WARNING: This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/). diff --git a/doc/user/application_security/policies/scan-execution-policies.md b/doc/user/application_security/policies/scan-execution-policies.md index d5cb253bef1..02db4f487b1 100644 --- a/doc/user/application_security/policies/scan-execution-policies.md +++ b/doc/user/application_security/policies/scan-execution-policies.md @@ -102,8 +102,6 @@ Other elements of the [CRON syntax]((https://docs.oracle.com/cd/E12058_01/doc/do NOTE: If using the `agents` field, required for `Operational Container Scanning`, the CRON expression is evaluated in [UTC](https://www.timeanddate.com/worldclock/timezone/utc) using the system-time of the Kubernetes-agent pod. If not using the `agents` field, the CRON expression is evaluated in standard [UTC](https://www.timeanddate.com/worldclock/timezone/utc) time from GitLab.com. If you have a self-managed GitLab instance and have [changed the server timezone](../../../administration/timezone.md), the CRON expression is evaluated with the new timezone. -The scan execution policy for the `schedule` rule type triggers the `GitLab Security Policy Bot` user to create a new pipeline. This user does not count toward the license limit count. - ### `agent` schema Use this schema to define `agents` objects in the [`schedule` rule type](#schedule-rule-type). diff --git a/doc/user/profile/preferences.md b/doc/user/profile/preferences.md index dce8684d993..9838cd1daae 100644 --- a/doc/user/profile/preferences.md 
+++ b/doc/user/profile/preferences.md @@ -203,6 +203,23 @@ NOTE: This feature is experimental, and choosing absolute times might break certain layouts. Open an issue if you notice that using absolute times breaks a layout. +## Web IDE + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/370139) in GitLab 15.7 [with a flag](../../administration/feature_flags.md) named 'vscode_web_ide'. Disabled by default. + +FLAG: +On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../../administration/feature_flags.md) named `vscode_web_ide`. On GitLab.com, this feature is not available. The feature is not ready for production use. + +The [VS Code-based Web IDE](../project/web_ide/index.md#vscode-reimplementation) is +the default editing environment when the `vscode_web_ide` feature +flag is enabled. + +To use the legacy Web IDE: + +1. On the **Preferences** page, go to **Web IDE**. +1. Select the **Use legacy Web IDE** checkbox. +1. Select **Save changes**. + ## Integrations Configure your preferences with third-party services which provide enhancements to your GitLab experience. diff --git a/lib/gitlab/ci/pipeline/chain/validate/abilities.rb b/lib/gitlab/ci/pipeline/chain/validate/abilities.rb index bdd45687760..035167f1a74 100644 --- a/lib/gitlab/ci/pipeline/chain/validate/abilities.rb +++ b/lib/gitlab/ci/pipeline/chain/validate/abilities.rb @@ -14,7 +14,7 @@ module Gitlab return error('Project is deleted!') end - unless builds_enabled? + unless project.builds_enabled? return error('Pipelines are disabled!') end @@ -37,10 +37,6 @@ module Gitlab can?(current_user, :create_pipeline, project) end - def builds_enabled? - project.builds_enabled? - end - def allowed_to_write_ref? access = Gitlab::UserAccess.new(current_user, container: project) diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 3f65f61ed6d..745a2075934 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot 
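Review bot: In lib/gitlab/ci/pipeline/chain/validate/abilities.rb, the `unless project.builds_enabled?` guard in the first hunk loses its test coverage in this same diff. The abilities_spec.rb hunk `@@ -84,36 +84,6 @@` deletes the `#builds_enabled?` examples for the removed private helper, but it also deletes the `'when CI/CD disabled'` context that asserted `'Pipelines are disabled!'` and `step.break?` after `step.perform!`. Inlining the helper is fine, but that context exercises the public step rather than the helper and should stay, since this guard is what stops pipeline creation on projects with builds disabled. The enclosing method starts and ends outside the hunk.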
@@ -31063,6 +31063,9 @@ msgstr "" msgid "Preferences|Choose what content you want to see on a project’s overview page." msgstr "" +msgid "Preferences|Choose which Web IDE version you want to use." +msgstr "" + msgid "Preferences|Color for added lines" msgstr "" @@ -31147,6 +31150,9 @@ msgstr "" msgid "Preferences|Tab width" msgstr "" +msgid "Preferences|The legacy Web IDE remains available while the new Web IDE is in Beta." +msgstr "" + msgid "Preferences|This feature is experimental and translations are not yet complete." msgstr "" @@ -31159,9 +31165,15 @@ msgstr "" msgid "Preferences|Time preferences" msgstr "" +msgid "Preferences|Use legacy Web IDE" +msgstr "" + msgid "Preferences|Use relative times" msgstr "" +msgid "Preferences|Web IDE" +msgstr "" + msgid "Preferences|When you type in a description or comment box, pressing %{kbdOpen}Enter%{kbdClose} in a list adds a new item below." msgstr "" diff --git a/qa/Gemfile b/qa/Gemfile index 55eca70571e..4a1f00d852a 100644 --- a/qa/Gemfile +++ b/qa/Gemfile @@ -24,7 +24,7 @@ gem 'rspec-parameterized', '~> 0.5.2' gem 'octokit', '~> 6.0.1' gem "faraday-retry", "~> 2.0" gem 'webdrivers', '~> 5.2' -gem 'zeitwerk', '~> 2.4' +gem 'zeitwerk', '~> 2.6', '>= 2.6.6' gem 'influxdb-client', '~> 2.8' gem 'terminal-table', '~> 3.0.2', require: false gem 'slack-notifier', '~> 2.4', require: false diff --git a/qa/Gemfile.lock b/qa/Gemfile.lock index 52da243550d..a1e7b8fb1ad 100644 --- a/qa/Gemfile.lock +++ b/qa/Gemfile.lock @@ -52,9 +52,9 @@ GEM coderay (1.1.2) colorize (0.8.1) concurrent-ruby (1.1.10) - confiner (0.3.0) + confiner (0.4.0) gitlab (>= 4.17) - zeitwerk (~> 2.5.1) + zeitwerk (>= 2.5, < 3) declarative (0.0.20) deprecation_toolkit (2.0.1) activesupport (>= 5.2) @@ -293,7 +293,7 @@ GEM websocket (1.2.9) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.5.4) + zeitwerk (2.6.6) PLATFORMS ruby 
@@ -334,7 +334,7 @@ DEPENDENCIES terminal-table (~> 3.0.2) warning (~> 1.3) webdrivers (~> 5.2) - zeitwerk (~> 2.4) + zeitwerk (~> 2.6, >= 2.6.6) BUNDLED WITH 2.3.26 diff --git a/spec/features/profiles/user_edit_preferences_spec.rb b/spec/features/profiles/user_edit_preferences_spec.rb index e647073dc9e..1a231f1d269 100644 --- a/spec/features/profiles/user_edit_preferences_spec.rb +++ b/spec/features/profiles/user_edit_preferences_spec.rb @@ -8,10 +8,12 @@ RSpec.describe 'User edit preferences profile', :js, feature_category: :users do # Empty value doesn't change the levels let(:language_percentage_levels) { nil } let(:user) { create(:user) } + let(:vscode_web_ide) { true } before do stub_languages_translation_percentage(language_percentage_levels) stub_feature_flags(user_time_settings: true) + stub_feature_flags(vscode_web_ide: vscode_web_ide) sign_in(user) visit(profile_preferences_path) end @@ -36,6 +38,24 @@ RSpec.describe 'User edit preferences profile', :js, feature_category: :users do expect(field).not_to be_checked end + it 'allows the user to toggle using the legacy web ide' do + field = page.find_field("user[use_legacy_web_ide]") + + expect(field).not_to be_checked + + field.click + + expect(field).to be_checked + end + + describe 'when vscode_web_ide feature flag is disabled' do + let(:vscode_web_ide) { false } + + it 'does not display the legacy web ide user preference' do + expect(page).not_to have_field("user[use_legacy_web_ide]") + end + end + describe 'User changes tab width to acceptable value' do it 'shows success message' do fill_in 'Tab width', with: 9 diff --git a/spec/lib/gitlab/ci/pipeline/chain/validate/abilities_spec.rb b/spec/lib/gitlab/ci/pipeline/chain/validate/abilities_spec.rb index b0c6cc6990f..7aaeee32f49 100644 --- a/spec/lib/gitlab/ci/pipeline/chain/validate/abilities_spec.rb +++ b/spec/lib/gitlab/ci/pipeline/chain/validate/abilities_spec.rb 
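Review bot: In spec/features/profiles/user_edit_preferences_spec.rb, the new example `'allows the user to toggle using the legacy web ide'` only clicks the checkbox and checks its DOM state, so it would still pass if `use_legacy_web_ide` were never accepted or saved by the server. I would submit the form and assert on the outcome, as the neighbouring `'shows success message'` example does for tab width, then check the stored preference on `user.reload`. The flag-disabled example likewise only proves the field is hidden. Whether the update endpoint ignores the parameter when `vscode_web_ide` is off is not visible in this diff and may merit a request-level spec.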
@@ -84,36 +84,6 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Validate::Abilities do end end - context 'when CI/CD disabled' do - before do - project.project_feature.update_attribute(:builds_access_level, ProjectFeature::DISABLED) - - step.perform! - end - - it 'adds an error about disabled pipeline' do - expect(pipeline.errors.to_a).to include('Pipelines are disabled!') - end - - it 'breaks the pipeline builder chain' do - expect(step.break?).to eq true - end - end - - describe '#builds_enabled?' do - subject { step.send(:builds_enabled?) } - - it { is_expected.to be_truthy } - - context 'when CI/CD disabled' do - before do - project.project_feature.update_attribute(:builds_access_level, ProjectFeature::DISABLED) - end - - it { is_expected.to be_falsey } - end - end - describe '#allowed_to_write_ref?' do subject { step.send(:allowed_to_write_ref?) } @@ -130,7 +100,7 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Validate::Abilities do it { is_expected.to be_truthy } end - context 'when the branch is protected', :use_clean_rails_redis_caching do + context 'when the branch is protected' do let!(:protected_branch) do create(:protected_branch, project: project, name: ref) end @@ -190,7 +160,7 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Validate::Abilities do it { is_expected.to be_truthy } - context 'when the branch is protected', :use_clean_rails_redis_caching do + context 'when the branch is protected' do let!(:protected_branch) do create(:protected_branch, project: project, name: ref) end diff --git a/spec/models/ci/build_report_result_spec.rb b/spec/models/ci/build_report_result_spec.rb index 55a4acd6c23..90b23d3e824 100644 --- a/spec/models/ci/build_report_result_spec.rb +++ b/spec/models/ci/build_report_result_spec.rb 
@@ -3,7 +3,7 @@ require 'spec_helper' RSpec.describe Ci::BuildReportResult do - let_it_be(:build_report_result) { create(:ci_build_report_result, :with_junit_success) } + let_it_be_with_reload(:build_report_result) { create(:ci_build_report_result, :with_junit_success) } it_behaves_like 'cleanup by a loose foreign key' do let!(:parent) { create(:project) } diff --git a/spec/models/ci/runner_spec.rb b/spec/models/ci/runner_spec.rb index 56c21e8171f..803b766c822 100644 --- a/spec/models/ci/runner_spec.rb +++ b/spec/models/ci/runner_spec.rb @@ -717,10 +717,8 @@ RSpec.describe Ci::Runner, feature_category: :runner do before do project = create(:project, :repository) pipeline = create(:ci_pipeline, project: project) - build2 = create(:ci_build, runner: runner2, pipeline: pipeline) - create(:ci_running_build, build: build2, project: project, runner: runner2) - build3 = create(:ci_build, runner: runner3, pipeline: pipeline) - create(:ci_running_build, build: build3, project: project, runner: runner3) + create(:ci_build, :running, runner: runner2, pipeline: pipeline) + create(:ci_build, :running, runner: runner3, pipeline: pipeline) end it { is_expected.to contain_exactly(runner2, runner3) } diff --git a/spec/models/concerns/has_user_type_spec.rb b/spec/models/concerns/has_user_type_spec.rb index 964a35d4d39..b6e711e8325 100644 --- a/spec/models/concerns/has_user_type_spec.rb +++ b/spec/models/concerns/has_user_type_spec.rb 
@@ -5,7 +5,7 @@ require 'spec_helper' RSpec.describe User do specify 'types consistency checks', :aggregate_failures do expect(described_class::USER_TYPES.keys) - .to match_array(%w[human ghost alert_bot project_bot support_bot service_user security_bot visual_review_bot migration_bot automation_bot security_policy_bot admin_bot]) + .to match_array(%w[human ghost alert_bot project_bot support_bot service_user security_bot visual_review_bot migration_bot automation_bot admin_bot]) expect(described_class::USER_TYPES).to include(*described_class::BOT_USER_TYPES) expect(described_class::USER_TYPES).to include(*described_class::NON_INTERNAL_USER_TYPES) expect(described_class::USER_TYPES).to include(*described_class::INTERNAL_USER_TYPES) diff --git a/spec/models/namespace_spec.rb b/spec/models/namespace_spec.rb index 0516d446945..24e10e11d3a 100644 --- a/spec/models/namespace_spec.rb +++ b/spec/models/namespace_spec.rb @@ -1895,6 +1895,30 @@ RSpec.describe Namespace do end end + describe '#bot_user_namespace?' do + subject { namespace.bot_user_namespace? } + + context 'when owner is a bot user user' do + let(:user) { create(:user, :project_bot) } + let(:namespace) { user.namespace } + + it { is_expected.to be_truthy } + end + + context 'when owner is a non-bot user' do + let(:user) { create(:user) } + let(:namespace) { user.namespace } + + it { is_expected.to be_falsy } + end + + context 'when type is a group' do + let(:namespace) { create(:group) } + + it { is_expected.to be_falsy } + end + end + describe '#aggregation_scheduled?' do let(:namespace) { create(:namespace) } diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 95014641abb..ebc9a4ba775 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -6809,7 +6809,6 @@ RSpec.describe User do { user_type: :support_bot }, { user_type: :security_bot }, { user_type: :automation_bot }, - { user_type: :security_policy_bot }, { user_type: :admin_bot } ] end 
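Review bot: In `spec/models/namespace_spec.rb`, the new `#bot_user_namespace?` examples exercise only `:project_bot`, which this commit's `NON_INTERNAL_USER_TYPES` lists as a non-internal type, so no internal bot type is covered. The bot cases added in `user_namespace_policy_spec.rb`, `project_import_spec.rb`, `create_service_spec.rb` and `transfer_service_spec.rb` have the same gap. Since the model check is `owner && owner.bot?`, one more case such as `let(:user) { create(:user, user_type: :security_bot) }` would pin that the restriction is not specific to project bots, assuming the factory gives that user a namespace. The first context description also has a doubled word; it should read `context 'when owner is a bot user' do`.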
@@ -6897,7 +6896,6 @@ RSpec.describe User do 'support_bot' | false 'security_bot' | false 'automation_bot' | false - 'security_policy_bot' | false 'admin_bot' | false end @@ -7047,13 +7045,11 @@ RSpec.describe User do it_behaves_like 'bot users', :security_bot it_behaves_like 'bot users', :ghost it_behaves_like 'bot users', :automation_bot - it_behaves_like 'bot users', :security_policy_bot it_behaves_like 'bot users', :admin_bot it_behaves_like 'bot user avatars', :alert_bot, 'alert-bot.png' it_behaves_like 'bot user avatars', :support_bot, 'support-bot.png' it_behaves_like 'bot user avatars', :security_bot, 'security-bot.png' - it_behaves_like 'bot user avatars', :security_policy_bot, 'security-bot.png' it_behaves_like 'bot user avatars', :automation_bot, 'support-bot.png' it_behaves_like 'bot user avatars', :admin_bot, 'admin-bot.png' diff --git a/spec/policies/namespaces/user_namespace_policy_spec.rb b/spec/policies/namespaces/user_namespace_policy_spec.rb index 42d27d0f3d6..bb821490e30 100644 --- a/spec/policies/namespaces/user_namespace_policy_spec.rb +++ b/spec/policies/namespaces/user_namespace_policy_spec.rb @@ -35,6 +35,13 @@ RSpec.describe Namespaces::UserNamespacePolicy do it { is_expected.to be_disallowed(:create_projects) } it { is_expected.to be_disallowed(:transfer_projects) } end + + context 'bot user' do + let(:owner) { create(:user, :project_bot) } + + it { is_expected.to be_disallowed(:create_projects) } + it { is_expected.to be_disallowed(:transfer_projects) } + end end context 'admin' do diff --git a/spec/requests/api/graphql/ci/runner_spec.rb b/spec/requests/api/graphql/ci/runner_spec.rb index 9015e14a830..d6094b91c56 100644 --- a/spec/requests/api/graphql/ci/runner_spec.rb +++ b/spec/requests/api/graphql/ci/runner_spec.rb 
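Review bot: In `spec/policies/namespaces/user_namespace_policy_spec.rb`, the `context 'bot user'` block is added only inside the preceding context (which opens outside the hunk), and the `context 'admin'` that follows gets no bot-owner case. If the intent is that nobody may create or transfer projects into a bot-owned namespace, as the admin-mode example in `transfer_service_spec.rb` suggests, mirror it there with `let(:owner) { create(:user, :project_bot) }` and `it { is_expected.to be_disallowed(:create_projects) }`, assuming the admin context builds its namespace from `owner`. Without that, a later policy change that lets admins through would not be caught at the policy level.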
@@ -86,7 +86,7 @@ RSpec.describe 'Query.runner(id)', feature_category: :runner do 'active' => runner.active, 'paused' => !runner.active, 'status' => runner.status('14.5').to_s.upcase, - 'jobExecutionStatus' => runner.running_builds.any? ? 'RUNNING' : 'IDLE', + 'jobExecutionStatus' => runner.builds.running.any? ? 'RUNNING' : 'IDLE', 'maximumTimeout' => runner.maximum_timeout, 'accessLevel' => runner.access_level.to_s.upcase, 'runUntagged' => runner.run_untagged, @@ -98,9 +98,9 @@ RSpec.describe 'Query.runner(id)', feature_category: :runner do 'maintenanceNote' => runner.maintenance_note, 'maintenanceNoteHtml' => runner.maintainer_note.present? ? a_string_including('<strong>Test maintenance note</strong>') : '', - 'jobCount' => runner.running_builds.count, + 'jobCount' => runner.builds.count, 'jobs' => a_hash_including( - "count" => runner.running_builds.count, + "count" => runner.builds.count, "nodes" => an_instance_of(Array), "pageInfo" => anything ), @@ -189,12 +189,9 @@ RSpec.describe 'Query.runner(id)', feature_category: :runner do before do project = create(:project, :repository) pipeline = create(:ci_pipeline, project: project) - build = create(:ci_build, runner: runner, pipeline: pipeline) - create(:ci_running_build, build: build, project: project, runner: runner) + create(:ci_build, :running, runner: runner, pipeline: pipeline) end - specify { expect(runner.running_builds.count).to eq 1 } - it_behaves_like 'runner details fetch' end end diff --git a/spec/requests/api/project_import_spec.rb b/spec/requests/api/project_import_spec.rb index 3087f0cac7d..347a930c038 100644 --- a/spec/requests/api/project_import_spec.rb +++ b/spec/requests/api/project_import_spec.rb 
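Review bot: In `spec/requests/api/graphql/ci/runner_spec.rb`, the last hunk drops `specify { expect(runner.running_builds.count).to eq 1 }` without a replacement, so nothing confirms that the `before` block really leaves the runner with a running job. The expectations in the first hunk derive `jobExecutionStatus` from `runner.builds.running.any?`; if those belong to the shared example used here, a `:running` trait that stopped producing a running build would make both sides agree on `IDLE` and the context would still pass. Keeping the precondition as `specify { expect(runner.builds.running.count).to eq 1 }` preserves what this context is meant to exercise.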
@@ -126,13 +126,31 @@ RSpec.describe API::ProjectImport, :aggregate_failures do end end - it 'schedules an import at the user namespace level' do - stub_import(user.namespace) - params[:path] = 'test-import2' + context 'when namespace not set' do + it 'schedules an import at the user namespace level' do + stub_import(user.namespace) + params[:path] = 'test-import2' - subject + subject - expect(response).to have_gitlab_http_status(:created) + expect(response).to have_gitlab_http_status(:created) + end + + context 'when current user is a bot user' do + let(:user) { create(:user, :project_bot) } + + it 'does not schedule an import' do + expect_any_instance_of(ProjectImportState).not_to receive(:schedule) + + params[:namespace] = nil + params[:path] = 'test-import3' + + subject + + expect(response).to have_gitlab_http_status(:bad_request) + expect(json_response['message']).to eq("Namespace is not valid") + end + end end it 'does not schedule an import for a namespace that does not exist' do @@ -161,6 +179,20 @@ RSpec.describe API::ProjectImport, :aggregate_failures do expect(json_response['message']).to eq('404 Namespace Not Found') end + context 'when passed in namespace is a bot user namespace' do + let(:user) { create(:user, :project_bot) } + + it 'does not schedule an import' do + expect_any_instance_of(ProjectImportState).not_to receive(:schedule) + params[:namespace] = user.namespace.full_path + + subject + + expect(response).to have_gitlab_http_status(:bad_request) + expect(json_response['message']).to eq("Namespace is not valid") + end + end + context 'if user uploads no valid file' do let(:file) { 'README.md' } diff --git a/spec/services/ci/after_requeue_job_service_spec.rb b/spec/services/ci/reset_skipped_jobs_service_spec.rb index e6f46fb9ebe..712a21e665b 100644 --- a/spec/services/ci/after_requeue_job_service_spec.rb +++ b/spec/services/ci/reset_skipped_jobs_service_spec.rb 
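Review bot: In `spec/requests/api/project_import_spec.rb`, the bot-user example under 'when namespace not set' proves rejection through `expect_any_instance_of(ProjectImportState).not_to receive(:schedule)` and the response body, but never checks that no project was created. Wrapping the request as `expect { subject }.not_to change { Project.count }` states the outcome directly and avoids the any-instance expectation. The example in the second hunk ('when passed in namespace is a bot user namespace') uses the same pattern. `params[:namespace] = nil` may also be redundant, since the sibling example in this context does not set it.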
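Review bot: In the second hunk of `spec/requests/api/project_import_spec.rb`, the requester and the namespace owner are the same bot (`let(:user) { create(:user, :project_bot) }` with `params[:namespace] = user.namespace.full_path`), so the example cannot tell a rule about the target namespace from a rule about the caller. A case where a different user who can reach that namespace, for example an admin, names the bot's namespace would pin that the check follows the namespace. Whether such a caller gets this `400` or the `404 Namespace Not Found` asserted just above is worth stating explicitly.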
@@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Ci::AfterRequeueJobService, :sidekiq_inline do +RSpec.describe Ci::ResetSkippedJobsService, :sidekiq_inline, feature_category: :continuous_integration do let_it_be(:project) { create(:project, :empty_repo) } let_it_be(:user) { project.first_owner } @@ -12,9 +12,9 @@ RSpec.describe Ci::AfterRequeueJobService, :sidekiq_inline do subject(:service) { described_class.new(project, user) } - context 'stage-dag mixed pipeline' do + context 'with a stage-dag mixed pipeline' do let(:config) do - <<-EOY + <<-YAML stages: [a, b, c] a1: @@ -49,7 +49,7 @@ RSpec.describe Ci::AfterRequeueJobService, :sidekiq_inline do c2: stage: c script: exit 0 - EOY + YAML end let(:pipeline) do @@ -150,9 +150,9 @@ RSpec.describe Ci::AfterRequeueJobService, :sidekiq_inline do end end - context 'stage-dag mixed pipeline with some same-stage needs' do + context 'with stage-dag mixed pipeline with some same-stage needs' do let(:config) do - <<-EOY + <<-YAML stages: [a, b, c] a1: @@ -181,7 +181,7 @@ RSpec.describe Ci::AfterRequeueJobService, :sidekiq_inline do c2: stage: c script: exit 0 - EOY + YAML end let(:pipeline) do @@ -239,7 +239,7 @@ RSpec.describe Ci::AfterRequeueJobService, :sidekiq_inline do context 'with same-stage needs' do let(:config) do - <<-EOY + <<-YAML a: script: exit $(($RANDOM % 2)) @@ -250,7 +250,7 @@ RSpec.describe Ci::AfterRequeueJobService, :sidekiq_inline do c: script: exit 0 needs: [b] - EOY + YAML end let(:pipeline) do diff --git a/spec/services/projects/create_service_spec.rb b/spec/services/projects/create_service_spec.rb index 9c8aeb5cf7b..8eb3b777346 100644 --- a/spec/services/projects/create_service_spec.rb +++ b/spec/services/projects/create_service_spec.rb 
@@ -145,6 +145,20 @@ RSpec.describe Projects::CreateService, '#execute' do end end end + + context 'when the passed in namespace is for a bot user' do + let(:bot_user) { create(:user, :project_bot) } + let(:opts) do + { name: project_name, namespace_id: bot_user.namespace.id } + end + + it 'raises an error' do + project = create_project(bot_user, opts) + + expect(project.errors.errors.length).to eq 1 + expect(project.errors.messages[:namespace].first).to eq(("is not valid")) + end + end end describe 'after create actions' do diff --git a/spec/services/projects/transfer_service_spec.rb b/spec/services/projects/transfer_service_spec.rb index 7fd8ab555f7..4d75786a4c3 100644 --- a/spec/services/projects/transfer_service_spec.rb +++ b/spec/services/projects/transfer_service_spec.rb @@ -452,6 +452,22 @@ RSpec.describe Projects::TransferService do end end + context 'target namespace belongs to bot user', :enable_admin_mode do + let(:bot) { create(:user, :project_bot) } + let(:target) { bot.namespace } + let(:executor) { create(:user, :admin) } + + it 'does not allow project transfer' do + namespace = project.namespace + + transfer_result = execute_transfer + + expect(transfer_result).to eq false + expect(project.namespace).to eq(namespace) + expect(project.errors[:new_namespace]).to include("You don't have permission to transfer projects into that namespace.") + end + end + context 'when user does not own the project' do let(:project) { create(:project, :repository, :legacy_storage) } diff --git a/spec/tooling/danger/feature_flag_spec.rb b/spec/tooling/danger/feature_flag_spec.rb index 7cae3e0a8b3..0e9eda54510 100644 --- a/spec/tooling/danger/feature_flag_spec.rb +++ b/spec/tooling/danger/feature_flag_spec.rb 
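Review bot: In `spec/services/projects/create_service_spec.rb`, the example is titled 'raises an error' but nothing is raised; it inspects validation errors on the returned project and does not assert that the record was left unsaved. Suggest `it 'does not create the project and adds a namespace error' do` with `expect(project).not_to be_persisted` added. The doubled parentheses in `eq(("is not valid"))` can be reduced to `eq('is not valid')`. The enclosing `describe` starts outside the hunk.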
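Review bot: In `spec/services/projects/transfer_service_spec.rb`, `expect(project.namespace).to eq(namespace)` compares against the in-memory project only, so it does not confirm what is stored after the denied transfer. `expect(project.reload.namespace).to eq(namespace)` checks the persisted row, which is the property that matters when an admin-mode transfer into a bot namespace is refused. This assumes `execute_transfer`, defined outside the hunk, operates on the same `project` record.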
@@ -135,7 +135,7 @@ RSpec.describe Tooling::Danger::FeatureFlag do end context 'when MR labels does not match FF group' do - let(:mr_group_label) { 'group::access' } + let(:mr_group_label) { 'group::authentication and authorization' } specify { expect(result).to eq(false) } end |