diff options
| -rw-r--r-- | data/deprecations/15-8-visual-review-tool.yml | 23 | ||||
| -rw-r--r-- | doc/administration/auditor_users.md | 1 | ||||
| -rw-r--r-- | doc/administration/auth/ldap/google_secure_ldap.md | 24 | ||||
| -rw-r--r-- | doc/administration/auth/ldap/ldap-troubleshooting.md | 6 | ||||
| -rw-r--r-- | doc/administration/geo/replication/location_aware_git_url.md | 2 | ||||
| -rw-r--r-- | doc/administration/geo/replication/remove_geo_site.md | 2 | ||||
| -rw-r--r-- | doc/administration/load_balancer.md | 4 | ||||
| -rw-r--r-- | doc/administration/monitoring/performance/grafana_configuration.md | 8 | ||||
| -rw-r--r-- | doc/ci/test_cases/index.md | 6 | ||||
| -rw-r--r-- | doc/ci/testing/code_quality.md | 722 | ||||
| -rw-r--r-- | doc/ci/testing/img/code_quality_host_bound_sequential.png | bin | 12345 -> 0 bytes | |||
| -rw-r--r-- | doc/ci/yaml/artifacts_reports.md | 13 | ||||
| -rw-r--r-- | doc/integration/google.md | 2 | ||||
| -rw-r--r-- | doc/operations/metrics/embed_grafana.md | 2 | ||||
| -rw-r--r-- | doc/subscriptions/bronze_starter.md | 2 | ||||
| -rw-r--r-- | doc/update/deprecations.md | 14 | ||||
| -rw-r--r-- | doc/user/admin_area/index.md | 7 |
17 files changed, 432 insertions, 406 deletions
diff --git a/data/deprecations/15-8-visual-review-tool.yml b/data/deprecations/15-8-visual-review-tool.yml new file mode 100644 index 00000000000..4833bc314d8 --- /dev/null +++ b/data/deprecations/15-8-visual-review-tool.yml @@ -0,0 +1,23 @@ +- title: "The Visual Reviews tool is deprecated" # (required) Clearly explain the change, or planned change. For example, "The `confidential` field for a `Note` is deprecated" or "CI/CD job names will be limited to 250 characters." + announcement_milestone: "15.8" # (required) The milestone when this feature was first announced as deprecated. + removal_milestone: "17.0" # (required) The milestone when this feature is planned to be removed + breaking_change: true # (required) Change to false if this is not a breaking change. + reporter: jocelynjane # (required) GitLab username of the person reporting the change + stage: Verify # (required) String value of the stage that the feature was created in. e.g., Growth + issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/387751 # (required) Link to the deprecation issue in GitLab + body: | # (required) Do not modify this line, instead modify the lines below. + Due to limited customer usage and capabilities, the Visual Reviews feature for Review Apps is deprecated and will be removed. There is no planned replacement and users should stop using Visual Reviews before GitLab 17.0. +# +# OPTIONAL END OF SUPPORT FIELDS +# +# If an End of Support period applies, the announcement should be shared with GitLab Support +# in the `#spt_managers` channel in Slack, and mention `@gitlab-com/support` in this MR. +# + end_of_support_milestone: # (optional) Use "XX.YY" format. The milestone when support for this feature will end. + # + # OTHER OPTIONAL FIELDS + # + tiers: Premium # (optional - may be required in the future) An array of tiers that the feature is available in currently. e.g., [Free, Silver, Gold, Core, Premium, Ultimate] + documentation_url: https://docs.gitlab.com/ee/ci/review_apps/#visual-reviews # (optional) This is a link to the current documentation page + image_url: # (optional) This is a link to a thumbnail image depicting the feature + video_url: # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg diff --git a/doc/administration/auditor_users.md b/doc/administration/auditor_users.md index a047e7c1f0b..38c3a089756 100644 --- a/doc/administration/auditor_users.md +++ b/doc/administration/auditor_users.md @@ -55,6 +55,7 @@ If you are signed in with auditor access, you: you can push commits or comment on issues. - Can access the same resources using the GitLab UI or API. - Can't view the Admin Area, or perform any administration actions. +- Can't view job logs when [debug logging](../ci/variables/index.md#enable-debug-logging) is enabled. ## Maintain auditor users using API diff --git a/doc/administration/auth/ldap/google_secure_ldap.md b/doc/administration/auth/ldap/google_secure_ldap.md index 01197fdacdf..e0612099221 100644 --- a/doc/administration/auth/ldap/google_secure_ldap.md +++ b/doc/administration/auth/ldap/google_secure_ldap.md @@ -24,33 +24,33 @@ The steps below cover: 1. Go to **Apps > LDAP > Add Client**. -1. Provide an `LDAP client name` and an optional `Description`. Any descriptive - values are acceptable. For example, the name could be 'GitLab' and the - description could be 'GitLab LDAP Client'. Select the **Continue** button. +1. Provide an **LDAP client name** and an optional **Description**. Any descriptive + values are acceptable. For example, the name could be `GitLab` and the + description could be `GitLab LDAP Client`. Select **Continue**.  1. Set **Access Permission** according to your needs. You must choose either - 'Entire domain (GitLab)' or 'Selected organizational units' for both 'Verify user - credentials' and 'Read user information'. Select 'Add LDAP Client' + `Entire domain (GitLab)` or `Selected organizational units` for both **Verify user + credentials** and **Read user information**. Select **Add LDAP Client**. NOTE: If you plan to use GitLab [LDAP Group Sync](ldap_synchronization.md#group-sync) - , turn on 'Read group information'. + , turn on `Read group information`.  1. Download the generated certificate. This is required for GitLab to communicate with the Google Secure LDAP service. Save the downloaded certificates - for later use. After downloading, select the **Continue to Client Details** button. + for later use. After downloading, select **Continue to Client Details**. -1. Expand the **Service Status** section and turn the LDAP client 'ON for everyone'. - After selecting 'Save', select the 'Service Status' bar again to collapse +1. Expand the **Service Status** section and turn the LDAP client `ON for everyone`. + After selecting **Save**, select the **Service Status** bar again to collapse and return to the rest of the settings. -1. Expand the **Authentication** section and choose 'Generate New Credentials'. - Copy/note these credentials for later use. After selecting 'Close', select - the 'Authentication' bar again to collapse and return to the rest of the settings. +1. Expand the **Authentication** section and choose **Generate New Credentials**. + Copy/note these credentials for later use. After selecting **Close**, select + the **Authentication** bar again to collapse and return to the rest of the settings. Now the Google Secure LDAP Client configuration is finished. The screenshot below shows an example of the final settings. Continue on to configure GitLab. diff --git a/doc/administration/auth/ldap/ldap-troubleshooting.md b/doc/administration/auth/ldap/ldap-troubleshooting.md index 21ec4b293d4..95064b296af 100644 --- a/doc/administration/auth/ldap/ldap-troubleshooting.md +++ b/doc/administration/auth/ldap/ldap-troubleshooting.md @@ -373,7 +373,7 @@ things to debug the situation. 1. Search for the user. 1. Open the user by selecting their name. Do not select **Edit**. 1. Select the **Identities** tab. There should be an LDAP identity with - an LDAP DN as the 'Identifier'. If not, this user hasn't signed in with + an LDAP DN as the `Identifier`. If not, this user hasn't signed in with LDAP yet and must do so first. - You've waited an hour or [the configured interval](ldap_synchronization.md#adjust-ldap-group-sync-schedule) for the group to sync. To speed up the process, either go to the GitLab group **Group information > Members** @@ -523,8 +523,8 @@ LDAP group lookups. The very last occurrence of this entry should indicate exactly which users GitLab believes should be added to the group. NOTE: -10 is 'Guest', 20 is 'Reporter', 30 is 'Developer', 40 is 'Maintainer' -and 50 is 'Owner'. +10 is `Guest`, 20 is `Reporter`, 30 is `Developer`, 40 is `Maintainer` +and 50 is `Owner`. ```shell Resolved 'my_group' group member access: {"uid=john0,ou=people,dc=example,dc=com"=>30, diff --git a/doc/administration/geo/replication/location_aware_git_url.md b/doc/administration/geo/replication/location_aware_git_url.md index 460de5f3232..4a3f9c86041 100644 --- a/doc/administration/geo/replication/location_aware_git_url.md +++ b/doc/administration/geo/replication/location_aware_git_url.md @@ -57,7 +57,7 @@ routing configurations.  -1. Select the **Create traffic policy** button. +1. Select **Create traffic policy**.  diff --git a/doc/administration/geo/replication/remove_geo_site.md b/doc/administration/geo/replication/remove_geo_site.md index 4b9f31dc08c..3826ee00bb1 100644 --- a/doc/administration/geo/replication/remove_geo_site.md +++ b/doc/administration/geo/replication/remove_geo_site.md @@ -11,7 +11,7 @@ type: howto 1. On the top bar, select **Main menu > Admin**. 1. On the left sidebar, select **Geo > Nodes**. -1. Select the **Remove** button for the **secondary** site you want to remove. +1. For the **secondary** site you want to remove, select **Remove**. 1. Confirm by selecting **Remove** when the prompt appears. After the **secondary** site is removed from the Geo administration page, you must diff --git a/doc/administration/load_balancer.md b/doc/administration/load_balancer.md index ad89d32183b..83b42295035 100644 --- a/doc/administration/load_balancer.md +++ b/doc/administration/load_balancer.md @@ -36,7 +36,7 @@ for details on managing SSL certificates and configuring NGINX. ### Load Balancers terminate SSL without backend SSL -Configure your load balancers to use the 'HTTP(S)' protocol rather than 'TCP'. +Configure your load balancers to use the `HTTP(S)` protocol rather than `TCP`. The load balancers is be responsible for managing SSL certificates and terminating SSL. @@ -47,7 +47,7 @@ for details. ### Load Balancers terminate SSL with backend SSL -Configure your load balancers to use the 'HTTP(S)' protocol rather than 'TCP'. +Configure your load balancers to use the `HTTP(S)` protocol rather than `TCP`. The load balancers is responsible for managing SSL certificates that end users see. diff --git a/doc/administration/monitoring/performance/grafana_configuration.md b/doc/administration/monitoring/performance/grafana_configuration.md index 92e9672cdb6..3dec34ebace 100644 --- a/doc/administration/monitoring/performance/grafana_configuration.md +++ b/doc/administration/monitoring/performance/grafana_configuration.md @@ -25,9 +25,9 @@ is `admin`. 1. Log in to Grafana as the administration user. 1. Select **Data Sources** from the **Configuration** menu. -1. Select the **Add data source** button. +1. Select **Add data source**. 1. Select the required data source type. For example, [Prometheus](../prometheus/index.md#prometheus-as-a-grafana-data-source). -1. Complete the details for the data source and select the **Save & Test** button. +1. Complete the details for the data source and select **Save & Test**. Grafana should indicate the data source is working. @@ -43,8 +43,8 @@ them: 1. Log in to Grafana as the administration user. 1. Select **Manage** from the **Dashboards** menu. - 1. Select the **Import** button, then the **Upload JSON file** button. - 1. Locate the JSON file to import and select **Choose for Upload**. Select the **Import** button. + 1. Select **Import**, then **Upload JSON file**. + 1. Locate the JSON file to import and select **Choose for Upload**. Select **Import**. 1. After the dashboard is imported, select the **Save dashboard** icon in the top bar. If you don't save the dashboard after importing it, the dashboard is removed diff --git a/doc/ci/test_cases/index.md b/doc/ci/test_cases/index.md index 8d2788539d8..4088e5e82c6 100644 --- a/doc/ci/test_cases/index.md +++ b/doc/ci/test_cases/index.md @@ -25,9 +25,9 @@ Prerequisite: To create a test case in a GitLab project: 1. Go to **CI/CD > Test Cases**. -1. Select the **New test case** button. You are taken to the new test case form. Here you can enter +1. Select **New test case**. You are taken to the new test case form. Here you can enter the new case's title, [description](../../user/markdown.md), attach a file, and assign [labels](../../user/project/labels.md). -1. Select the **Submit test case** button. You are taken to view the new test case. +1. Select **Submit test case**. You are taken to view the new test case. ## View a test case @@ -73,7 +73,7 @@ Prerequisite: - You must have at least the Reporter role. -To archive a test case, on the test case's page, select the **Archive test case** button. +To archive a test case, on the test case's page, select **Archive test case**. To view archived test cases: diff --git a/doc/ci/testing/code_quality.md b/doc/ci/testing/code_quality.md index 8691c2cd8c6..2a1dffe07fc 100644 --- a/doc/ci/testing/code_quality.md +++ b/doc/ci/testing/code_quality.md @@ -8,157 +8,120 @@ info: To determine the technical writer assigned to the Stage/Group associated w > [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) to GitLab Free in 13.2. -To ensure your project's code stays simple, readable, and easy to contribute to, -you can use [GitLab CI/CD](../index.md) to analyze your source code quality. +Use Code Quality to analyze your source code's quality and complexity. This helps keep your +project's code simple, readable, and easier to maintain. Code Quality should supplement your +other review processes, not replace them. -For example, while you're implementing a feature, you can run Code Quality reports -to analyze how your improvements are impacting your code's quality. You can -use this information to ensure that your changes are improving performance rather -than degrading it. +Code Quality uses the open source Code Climate tool, and selected +[plugins](https://docs.codeclimate.com/docs/list-of-engines), to analyze your source code. +To confirm if your code's languages are covered, see the Code Climate list of +[Supported Languages for Maintainability](https://docs.codeclimate.com/docs/supported-languages-for-maintainability). +You can extend the code coverage either by using Code Climate +[Analysis Plugins](https://docs.codeclimate.com/docs/list-of-engines) or a +[custom tool](#implement-a-custom-tool). -Code Quality: +Run Code Quality reports in your CI/CD pipeline to verify changes don't degrade your code's quality, +_before_ committing them to the default branch. -- Uses [plugins](https://docs.codeclimate.com/docs/list-of-engines) supported by Code Climate, which are - free and open source. Code Quality does not require a Code Climate - subscription. -- Runs in [pipelines](../pipelines/index.md) by using a Docker image built in the - [GitLab Code Quality](https://gitlab.com/gitlab-org/ci-cd/codequality) project. -- Uses [default Code Climate configurations](https://gitlab.com/gitlab-org/ci-cd/codequality/-/tree/master/codeclimate_defaults). -- Can make use of a [template](#example-configuration). -- Is available by using [Auto Code Quality](../../topics/autodevops/stages.md#auto-code-quality), provided by [Auto DevOps](../../topics/autodevops/index.md). -- Can be extended through [Analysis Plugins](https://docs.codeclimate.com/docs/list-of-engines) or a [custom tool](#implementing-a-custom-tool). - -## Summary of features per tier +## Features per tier Different features are available in different [GitLab tiers](https://about.gitlab.com/pricing/), as shown in the following table: -| Capability | In Free | In Premium | In Ultimate | -|:----------------------------------------------------------------------|:--------------------|:--------------------|:-------------------| -| [Configure scanners](#configuring-jobs-using-variables) | **{check-circle}** | **{check-circle}** | **{check-circle}** | -| [Integrate custom scanners](#implementing-a-custom-tool) | **{check-circle}** | **{check-circle}** | **{check-circle}** | -| [Generate JSON or HTML report artifacts](#generate-an-html-report) | **{check-circle}** | **{check-circle}** | **{check-circle}** | -| [See findings in merge request widget](#code-quality-widget) | **{check-circle}** | **{check-circle}** | **{check-circle}** | -| [See reports in CI pipelines](#code-quality-reports) | **{dotted-circle}** | **{check-circle}** | **{check-circle}** | -| [See findings in merge request diff view](#code-quality-in-diff-view) | **{dotted-circle}** | **{dotted-circle}** | **{check-circle}** | +| Capability | In Free | In Premium | In Ultimate | +|:-----------------------------------------------------------------------|:--------------------|:--------------------|:-------------------| +| [Configure scanners](#customizing-scan-settings) | **{check-circle}** | **{check-circle}** | **{check-circle}** | +| [Integrate custom scanners](#implement-a-custom-tool) | **{check-circle}** | **{check-circle}** | **{check-circle}** | +| [See findings in merge request widget](#merge-request-widget) | **{check-circle}** | **{check-circle}** | **{check-circle}** | +| [Generate JSON or HTML report artifacts](#output) | **{check-circle}** | **{check-circle}** | **{check-circle}** | +| [See reports in CI pipelines](#pipeline-details-view) | **{dotted-circle}** | **{check-circle}** | **{check-circle}** | +| [See findings in merge request diff view](#merge-request-changes-view) | **{dotted-circle}** | **{dotted-circle}** | **{check-circle}** | -## Code Quality Widget +## View Code Quality results -> [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) to GitLab Free in 13.2. +Code Quality results are shown in the: -Going a step further, GitLab can show the Code Quality report right -in the merge request widget area if a report from the target branch is available to compare to: +- Merge request widget +- Merge request changes view +- Pipeline details view - +### Merge request widget -Watch a quick walkthrough of Code Quality in action: - -<div class="video-fallback"> - See the video: <a href="https://www.youtube.com/watch?v=B32LxtJKo9M">Code Quality: Speed Run</a>. -</div> -<figure class="video-container"> - <iframe src="https://www.youtube.com/embed/B32LxtJKo9M" frameborder="0" allowfullscreen="true"> </iframe> -</figure> +> [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) to GitLab Free in 13.2. -NOTE: -For one customer, the auditor found that having Code Quality, SAST, and Container Scanning all automated in GitLab CI/CD was almost better than a manual review! [Read more](https://about.gitlab.com/customers/bi_worldwide/). +Code Quality analysis results display in the merge request widget area if a report from the target +branch is available for comparison. -See also the Code Climate list of [Supported Languages for Maintainability](https://docs.codeclimate.com/docs/supported-languages-for-maintainability). + -## Code Quality in diff view **(ULTIMATE)** +### Merge request changes view **(ULTIMATE)** > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/267612) in GitLab 13.11, disabled by default behind the `codequality_mr_diff` [feature flag](../../administration/feature_flags.md). > - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/284140) in GitLab 13.12. > - [Disabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/2526) in GitLab 14.0 due to [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/334116). > - [Inline annotation added](https://gitlab.com/gitlab-org/gitlab/-/issues/2526) and [feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/284140) in GitLab 14.1. -> - [Updated](https://gitlab.com/groups/gitlab-org/-/epics/8071) to handle multiple findings better in GitLab 15.7, disabled by default behind the `refactor_code_quality_inline_findings` [feature flag](../../administration/feature_flags.md). - -Changes to files in merge requests can cause Code Quality to fall if merged. In these cases, -the merge request's diff view displays an indicator next to lines with new Code Quality violations. For example: - - - -## Example configuration -This example shows how to run Code Quality on your code by using GitLab CI/CD and Docker. +Code Quality results display in the merge request **Changes** view. Lines containing Code Quality +issues are marked by an indicator beside the gutter. Hover over the marker for details of the issue. -- Using shared runners, the job should be configured For the [Docker-in-Docker workflow](../docker/using_docker_build.md#use-docker-in-docker). -- Using private runners, there is an [alternative configuration](#set-up-a-private-runner-for-code-quality-without-docker-in-docker) recommended for running Code Quality analysis more efficiently. + -In either configuration, the runner must have enough disk space to handle generated Code Quality files. For example on the [GitLab project](https://gitlab.com/gitlab-org/gitlab) the files are approximately 7 GB. +### Pipeline details view **(PREMIUM)** -Once you set up GitLab Runner, include the [Code Quality template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml) in your CI configuration: - -```yaml -include: - - template: Code-Quality.gitlab-ci.yml -``` - -The above example creates a `code_quality` job in your CI/CD pipeline which -scans your source code for code quality issues. The report is saved as a -[Code Quality report artifact](../yaml/artifacts_reports.md#artifactsreportscodequality) -that you can later download and analyze. - -It's also possible to override the URL to the Code Quality image by -setting the `CODE_QUALITY_IMAGE` CI/CD variable. This is particularly useful if you want -to lock in a specific version of Code Quality, or use a fork of it: - -```yaml -include: - - template: Code-Quality.gitlab-ci.yml +The full list of Code Quality violations generated by a pipeline is shown in the **Code Quality** +tab of the pipeline's details page. -code_quality: - variables: - CODE_QUALITY_IMAGE: "registry.example.com/codequality-fork:latest" -``` + -In [GitLab 13.4 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/11100), you can override the [Code Quality environment variables](https://gitlab.com/gitlab-org/ci-cd/codequality#environment-variables): +## Enable Code Quality -```yaml -variables: - TIMEOUT_SECONDS: 1 +Prerequisites: -include: - - template: Code-Quality.gitlab-ci.yml -``` +- GitLab CI/CD configuration (`.gitlab-ci.yml`) must include the `test` stage. +- If you're using shared runners, the Code Quality job must be configured for the + [Docker-in-Docker workflow](../docker/using_docker_build.md#use-docker-in-docker). +- If you're using private runners, you should use an + [alternative configuration](#improve-code-quality-performance-with-private-runners) + recommended for running Code Quality analysis more efficiently. +- The runner must have enough disk space to store the generated Code Quality files. For example, on + the [GitLab project](https://gitlab.com/gitlab-org/gitlab) the files are approximately 7 GB. -By default, report artifacts are not downloadable. If you need them downloadable on the -job details page, you can add `gl-code-quality-report.json` to the artifact paths like so: +To enable Code Quality, either: -```yaml -include: - - template: Code-Quality.gitlab-ci.yml +- Enable [Auto DevOps](../../topics/autodevops/index.md), which includes + [Auto Code Quality](../../topics/autodevops/stages.md#auto-secret-detection). -code_quality: - artifacts: - paths: [gl-code-quality-report.json] -``` +- Include the Code Quality template in your + `.gitlab-ci.yml` file. -The included `code_quality` job is running in the `test` stage, so it needs to be included in your CI configuration, like so: + Example: -```yaml -stages: - - test -``` + ```yaml + include: + - template: Code-Quality.gitlab-ci.yml + ``` -NOTE: -This information is automatically extracted and shown right in the merge request widget. + Code Quality now runs in pipelines. WARNING: -On self-managed instances, if a malicious actor compromises the Code Quality job -definition they could execute privileged Docker commands on the runner -host. Having proper access control policies mitigates this attack vector by -allowing access only to trusted actors. +On self-managed instances, if a malicious actor compromises the Code Quality job definition they +could execute privileged Docker commands on the runner host. Having proper access control policies +mitigates this attack vector by allowing access only to trusted actors. -### Set up a private runner for code quality without Docker-in-Docker +### Improve Code Quality performance with private runners -It's possible to configure your own runners and avoid Docker-in-Docker. You can use a -configuration that may greatly speed up job execution without requiring your runners -to operate in privileged mode. +If you have private runners, you should use this configuration for improved performance of Code +Quality because: + +- Privileged mode is not used. +- Docker-in-Docker is not used. +- Docker images, including all CodeClimate images, are cached, and not re-fetched for subsequent jobs. This alternative configuration uses socket binding to share the Runner's Docker daemon -with the job environment. Be aware that this configuration [has significant considerations](../docker/using_docker_build.md#use-docker-socket-binding) -to be consider, but may be preferable depending on your use case. +with the job environment. Before implementing this configuration, consider its +[limitations](../docker/using_docker_build.md#use-docker-socket-binding). + +To use private runners: 1. Register a new runner: @@ -223,73 +186,136 @@ to be consider, but may be preferable depending on your use case. - cq-sans-dind # Set this job to only run on our new specialized runner ``` -The end result is that: +Code Quality now runs in standard Docker mode. -- Privileged mode is not used. -- Docker-in-Docker is not used. -- Docker images, including all CodeClimate images, are cached, and not re-fetched for subsequent jobs. +## Disable Code Quality -With this configuration, the run time for a second pipeline is much shorter. For example -this [small change](https://gitlab.com/drew/test-code-quality-template/-/merge_requests/4/diffs?commit_id=1e705607aef7236c1b20bb6f637965f3f3e53a46) -to an [open merge request](https://gitlab.com/drew/test-code-quality-template/-/merge_requests/4/pipelines) -running Code Quality analysis ran significantly faster the second time: +The `code_quality` job doesn't run if the `$CODE_QUALITY_DISABLED` CI/CD variable +is present. Refer to the CI/CD variables [documentation](../variables/index.md) +to learn more about how to define one. - +To disable Code Quality, create a custom CI/CD variable named `CODE_QUALITY_DISABLED`, for either: -This configuration is not possible on `gitlab.com` shared runners. Shared runners -are configured with `privileged=true`, and they do not expose `docker.sock` into -the job container. As a result, socket binding cannot be used to make `docker` available -in the context of the job script. +- [The whole project](../variables/index.md#for-a-project). +- [A single pipeline](../variables/index.md#override-a-variable-when-running-a-pipeline-manually). -[Docker-in-Docker](../docker/using_docker_build.md#use-docker-in-docker) -was chosen as an operational decision by the runner team, instead of exposing `docker.sock`. +## Customizing scan settings -### Disabling the code quality job +The Code Quality scan settings can be changed using [CI/CD variables](#available-cicd-variables) +in `.gitlab-ci.yml`. -The `code_quality` job doesn't run if the `$CODE_QUALITY_DISABLED` CI/CD variable -is present. Please refer to the CI/CD variables [documentation](../variables/index.md) -to learn more about how to define one. +To configure the Code Quality job: -To disable the `code_quality` job, add `CODE_QUALITY_DISABLED` as a custom CI/CD variable. -This can be done: +1. Declare a job with the same name as the Code Quality job, after the template's inclusion. +1. Specify additional keys in the job's stanza. -- For [the whole project](../variables/index.md#for-a-project). -- For a single pipeline run: +For an example, see [Download output in JSON format](#download-output-in-json-format). - 1. Go to **CI/CD > Pipelines** - 1. Select **Run pipeline** - 1. Add `CODE_QUALITY_DISABLED` as the variable key, with any value. +### Available CI/CD variables -### Using with merge request pipelines +> In [GitLab 13.4 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/11100), the option to override the Code Quality environment variables was added. -The configuration provided by the Code Quality template does not let the `code_quality` job -run on [merge request pipelines](../pipelines/merge_request_pipelines.md). +Code Quality can be customized by defining available CI/CD variables: -If merge request pipelines is enabled, the `code_quality:rules` must be redefined. +| CI/CD variable | Description | +| --------------------------- | ----------- | +| `SOURCE_CODE` | Path to the source code to scan. | +| `TIMEOUT_SECONDS` | Custom timeout for the `codeclimate analyze` command. | +| `CODECLIMATE_DEBUG` | Set to enable [Code Climate debug mode](https://github.com/codeclimate/codeclimate#environment-variables) | +| `CODECLIMATE_DEV` | Set to enable `--dev` mode which lets you run engines not known to the CLI. | +| `REPORT_STDOUT` | Set to print the report to `STDOUT` instead of generating the usual report file. | +| `REPORT_FORMAT` | Set to control the format of the generated report file. One of: `json\|html`. | +| `ENGINE_MEMORY_LIMIT_BYTES` | Set the memory limit for engines, default is 1,024,000,000 bytes. | +| `CODE_QUALITY_DISABLED` | Prevents the Code Quality job from running. | +| `CODECLIMATE_PREFIX` | Set a prefix to use with all `docker pull` commands in CodeClimate engines. Useful for [offline scanning](https://github.com/codeclimate/codeclimate/pull/948). | -The template has these [`rules`](../yaml/index.md#rules) for the `code quality` job: +## Output + +Code Quality creates a file named `gl-code-quality-report.json`. The content of this file is +processed internally and the results shown in the UI. To see the raw results, you can +configure the Code Quality job to allow download of this file. Format options are JSON format, HTML +format, or both. Use the HTML format to view the report in a more human-readable +format. For example, you could publish the HTML format file on GitLab Pages for even easier +reviewing. + +### Download output in JSON format + +To be able to download the Code Quality report in JSON format, declare the +`gl-code-quality-report.json` file as an artifact of the `code_quality` job: ```yaml +include: + - template: Code-Quality.gitlab-ci.yml + code_quality: - rules: - - if: $CODE_QUALITY_DISABLED - when: never - - if: $CI_COMMIT_TAG || $CI_COMMIT_BRANCH + artifacts: + paths: [gl-code-quality-report.json] ``` -If you are using merge request pipelines, your `rules` (or [`workflow: rules`](../yaml/index.md#workflow)) -might look like this example: +The full JSON file is available as a +[downloadable artifact](../pipelines/job_artifacts.md#download-job-artifacts) of the `code_quality` +job. + +### Download output in JSON and HTML format + +> HTML report format [introduced](https://gitlab.com/gitlab-org/ci-cd/codequality/-/issues/10) in GitLab 13.6. + +NOTE: +To create the HTML format file, the Code Quality job must be run twice, once for each format. +In this configuration, the JSON format file is created but it is only processed internally. + +To be able to download the Code Quality report in both JSON and HTML format, add another job to your +template by using `extends: code_quality`: ```yaml -job1: - rules: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" # Run job1 in merge request pipelines - - if: $CI_COMMIT_BRANCH == "main" # Run job1 in pipelines on the main branch (but not in other branch pipelines) - - if: $CI_COMMIT_TAG # Run job1 in pipelines for tags +include: + - template: Code-Quality.gitlab-ci.yml + +code_quality_html: + extends: code_quality + variables: + REPORT_FORMAT: html + artifacts: + paths: [gl-code-quality-report.html] +``` + +Both the JSON and HTML files are available as +[downloadable artifacts](../pipelines/job_artifacts.md#download-job-artifacts) of the `code_quality` +job. + +### Download output in only HTML format + +To download the Code Quality report in _only_ an HTML format file, set `REPORT_FORMAT` to `html` in +the existing job. + +NOTE: +This does not create a JSON format file, so Code Quality results are not shown in the +merge request widget, pipeline report, or changes view. + +```yaml +include: + - template: Code-Quality.gitlab-ci.yml + +code_quality: + variables: + REPORT_FORMAT: html + artifacts: + paths: [gl-code-quality-report.html] ``` -To make these work together, you need to overwrite the code quality `rules` -so that they match your current `rules`. From the example above, it could look like: +The HTML file is available as a +[downloadable artifact](../pipelines/job_artifacts.md#download-job-artifacts) of the `code_quality` +job. + +## Use Code Quality with merge request pipelines + +The default Code Quality configuration does not allow the `code_quality` job to run on +[merge request pipelines](../pipelines/merge_request_pipelines.md). + +To enable Code Quality to run on merge request pipelines, overwrite the code quality `rules`, +or [`workflow: rules`](../yaml/index.md#workflow), so that they match your current `rules`. + +For example: ```yaml include: @@ -304,14 +330,13 @@ code_quality: - if: $CI_COMMIT_TAG # Run code quality job in pipelines for tags ``` -### Configure Code Quality to use a private container image registry +## Use a private container image registry -> [Introduced](https://gitlab.com/gitlab-org/ci-cd/codequality/-/merge_requests/30) in 13.7. +> [Introduced](https://gitlab.com/gitlab-org/ci-cd/codequality/-/merge_requests/30) in GitLab 13.7. -To reduce network time and external dependency, you can use your own -container image registry to host the Code Quality Docker images. Because of -the nested architecture of container execution, the registry prefix must -be specifically configured to be passed down into CodeClimate's subsequent +Using a private container image registry can reduce the time taken to download images, and also +reduce external dependencies. Because of the nested architecture of container execution, the +registry prefix must be specifically configured to be passed down into CodeClimate's subsequent `docker pull` commands for individual engines. The following variables can address all of the required image pulls: @@ -320,7 +345,8 @@ The following variables can address all of the required image pulls: accessible from your job environment. GitLab Container Registry can be used here to host your own copy. - `CODECLIMATE_PREFIX`: The domain of your intended container image registry. This - is a configuration option supported by [CodeClimate CLI](https://github.com/codeclimate/codeclimate/pull/948). You must: + is a configuration option supported by [CodeClimate CLI](https://github.com/codeclimate/codeclimate/pull/948). + You must: - Include a trailing slash (`/`). - Not include a protocol prefix, such as `https://`. - `CODECLIMATE_REGISTRY_USERNAME`: An optional variable to specify the username for the registry domain parsed from `CODECLIMATE_PREFIX`. @@ -328,7 +354,7 @@ The following variables can address all of the required image pulls: ```yaml include: - - template: Jobs/Code-Quality.gitlab-ci.yml + - template: Code-Quality.gitlab-ci.yml code_quality: variables: @@ -336,13 +362,13 @@ code_quality: CODECLIMATE_PREFIX: "my-private-registry.local:12345/" ``` -This example is specific to GitLab Code Quality. For more general -instructions on how to configure DinD with a registry mirror, see the -relevant [documentation](../docker/using_docker_build.md#enable-registry-mirror-for-dockerdind-service). +This example is specific to GitLab Code Quality. For more general instructions on how to configure +DinD with a registry mirror, see +[Enable registry mirror for Docker-in-Docker service](../docker/using_docker_build.md#enable-registry-mirror-for-dockerdind-service). -#### List of images to be stored in the private container registry +### Required images -The following images are needed for the [default `.codeclimate.yml`](https://gitlab.com/gitlab-org/ci-cd/codequality/-/blob/master/codeclimate_defaults/.codeclimate.yml.template): +The following images are required for the [default `.codeclimate.yml`](https://gitlab.com/gitlab-org/ci-cd/codequality/-/blob/master/codeclimate_defaults/.codeclimate.yml.template): - `codeclimate/codeclimate-structure:latest` - `codeclimate/codeclimate-csslint:latest` @@ -354,30 +380,22 @@ The following images are needed for the [default `.codeclimate.yml`](https://git If you are using a custom `.codeclimate.yml` configuration file, you must add the specified plugins in your private container registry. -#### Configure Code Quality to use the Dependency Proxy +## Use DockerHub with authentication -Prerequisite: +You can use DockerHub as an alternate source of the Code Quality images. -- The project must be in a group where the [Dependency Proxy](../../user/packages/dependency_proxy/index.md) is enabled. +Prerequisites: -Here is an example of how to configure Code Quality to use the Dependency Proxy: +- Add the username and password as [protected CI/CD variables](../variables/index.md#for-a-project) + in the project. -```yaml -include: - - template: Jobs/Code-Quality.gitlab-ci.yml +To use DockerHub, configure the following variables in the `.gitlab-ci.yml` file: -code_quality: - variables: - CODE_QUALITY_IMAGE: "$CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX/codequality:0.85.24" - ## You must add a trailing slash to `$CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX`. - CODECLIMATE_PREFIX: $CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX/ - CODECLIMATE_REGISTRY_USERNAME: $CI_DEPENDENCY_PROXY_USER - CODECLIMATE_REGISTRY_PASSWORD: $CI_DEPENDENCY_PROXY_PASSWORD -``` +- `CODECLIMATE_PREFIX` +- `CODECLIMATE_REGISTRY_USERNAME` +- `CODECLIMATE_REGISTRY_PASSWORD` -#### Configure Code Quality to use Dockerhub with authentication - -Here is an example of how to configure Code Quality to use Dockerhub with authentication: +Example: ```yaml include: @@ -390,29 +408,43 @@ code_quality: CODECLIMATE_REGISTRY_PASSWORD: $DOCKERHUB_PASSWORD ``` -You should add the username and password as [protected CI/CD variables](../variables/index.md#for-a-project) -in the project. +## Use the Dependency Proxy -## Configuring jobs using variables +You can use a Dependency Proxy to reduce the time taken to download dependencies. -The Code Quality job supports environment variables that users can set to -configure job execution at runtime. +Prerequisite: -For a list of available environment variables, see -[Environment variables](https://gitlab.com/gitlab-org/ci-cd/codequality#environment-variables). +- [Dependency Proxy](../../user/packages/dependency_proxy/index.md) enabled in the project's + group. -## Implementing a custom tool +To reference the Dependency Proxy, configure the following variables in the `.gitlab-ci.yml` file: -It's possible to have a custom tool provide Code Quality reports in GitLab. To -do this: +- `CODE_QUALITY_IMAGE` +- `CODECLIMATE_PREFIX` +- `CODECLIMATE_REGISTRY_USERNAME` +- `CODECLIMATE_REGISTRY_PASSWORD` -1. Define a job in your `.gitlab-ci.yml` file that generates the - [Code Quality report artifact](../yaml/artifacts_reports.md#artifactsreportscodequality). -1. Configure your tool to generate the Code Quality report artifact as a JSON - file that implements a subset of the [Code Climate spec](https://github.com/codeclimate/platform/blob/master/spec/analyzers/SPEC.md#data-types). +For example: -The Code Quality report artifact JSON file must contain an array of objects -with the following properties: +```yaml +include: + - template: Code-Quality.gitlab-ci.yml + +code_quality: + variables: + CODE_QUALITY_IMAGE: "$CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX/codequality:0.85.24" + ## You must add a trailing slash to `$CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX`. + CODECLIMATE_PREFIX: $CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX/ + CODECLIMATE_REGISTRY_USERNAME: $CI_DEPENDENCY_PROXY_USER + CODECLIMATE_REGISTRY_PASSWORD: $CI_DEPENDENCY_PROXY_PASSWORD +``` + +## Implement a custom tool + +You can integrate a custom tool into GitLab to provide Code Quality reports. + +The Code Quality report artifact JSON file must contain an array of objects with the following +properties: | Name | Description | | ---------------------- | ----------------------------------------------------------------------------------------- | @@ -422,6 +454,18 @@ with the following properties: | `location.path` | The relative path to the file containing the code quality violation. | | `location.lines.begin` or `location.positions.begin.line` | The line on which the code quality violation occurred. | +NOTE: +Although the Code Climate specification supports more properties, those are ignored by GitLab. +The GitLab parser does not allow a [byte order mark](https://en.wikipedia.org/wiki/Byte_order_mark) +at the beginning of the file. + +To implement a custom Code Quality tool: + +1. Define a job in your `.gitlab-ci.yml` file that generates the + [Code Quality report artifact](../yaml/artifacts_reports.md#artifactsreportscodequality). +1. Configure the tool to generate the Code Quality report artifact as a JSON + file that implements a subset of the [Code Climate spec](https://github.com/codeclimate/platform/blob/master/spec/analyzers/SPEC.md#data-types). + Example: ```json @@ -440,163 +484,33 @@ Example: ] ``` -NOTE: -Although the Code Climate spec supports more properties, those are ignored by -GitLab. -The GitLab parser does not allow a [byte order mark](https://en.wikipedia.org/wiki/Byte_order_mark) -at the beginning of the file. - -## Code Quality reports **(PREMIUM)** - -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/21527) in GitLab 12.9. - - - -After the Code Quality job completes: - -- Potential changes to code quality are shown directly in the merge request. - The Code Quality widget in the merge request compares the reports from the base and head of the branch, - then lists any violations that are resolved or created when the branch is merged. -- The full JSON report is available as a - [downloadable artifact](../pipelines/job_artifacts.md#download-job-artifacts) - for the `code_quality` job. -- The full list of code quality violations generated by a pipeline is shown in the - Code Quality tab of the Pipeline Details page. - -## Generate an HTML report - -In [GitLab 13.6 and later](https://gitlab.com/gitlab-org/ci-cd/codequality/-/issues/10), -it is possible to generate an HTML report file by setting the `REPORT_FORMAT` -CI/CD variable to `html`. This is useful if you just want to view the report in a more -human-readable format or to publish this artifact on GitLab Pages for even -easier reviewing. - -To generate both JSON and HTML report files, add another job to your template by using `extends: code_quality`: - -```yaml -include: - - template: Code-Quality.gitlab-ci.yml - -code_quality_html: - extends: code_quality - variables: - REPORT_FORMAT: html - artifacts: - paths: [gl-code-quality-report.html] -``` - -NOTE: -Adding a job means your code is scanned twice: once to generate a JSON report and once to generate an HTML report. +## Using Analysis Plugins -You can also generate _only_ an HTML report instead of the standard JSON report. To do so, set `REPORT_FORMAT` to `html` in the existing job: +Code Quality functionality can be extended by using Code Climate +[Analysis Plugins](https://docs.codeclimate.com/docs/list-of-engines). -```yaml -include: - - template: Code-Quality.gitlab-ci.yml +For example, to use the [SonarJava analyzer](https://docs.codeclimate.com/docs/sonar-java): -code_quality: - variables: - REPORT_FORMAT: html - artifacts: - paths: [gl-code-quality-report.html] -``` +1. Add a file named `.codeclimate.yml` to the root of your repository +1. Add to the `.codeclimate.yml` the [enablement code](https://docs.codeclimate.com/docs/sonar-java#enable-the-plugin) + for the plugin to the root of your repository: -WARNING: -If you only generate an HTML report, you can't see your results in the [merge request widget](#code-quality-widget), [pipeline report](#code-quality-reports), or [diff view](#code-quality-in-diff-view). -These features require a JSON report. - -## Extending functionality - -### Using Analysis Plugins - -Should there be a need to extend the default functionality provided by Code Quality, as stated in [Code Quality](#code-quality), [Analysis Plugins](https://docs.codeclimate.com/docs/list-of-engines) are available. - -For example, to use the [SonarJava analyzer](https://docs.codeclimate.com/docs/sonar-java), -add a file named `.codeclimate.yml` containing the [enablement code](https://docs.codeclimate.com/docs/sonar-java#enable-the-plugin) -for the plugin to the root of your repository: - -```yaml -version: "2" -plugins: - sonar-java: - enabled: true -``` + ```yaml + version: "2" + plugins: + sonar-java: + enabled: true + ``` -This adds SonarJava to the `plugins:` section of the [default `.codeclimate.yml`](https://gitlab.com/gitlab-org/ci-cd/codequality/-/blob/master/codeclimate_defaults/.codeclimate.yml.template) +This adds SonarJava to the `plugins:` section of the +[default `.codeclimate.yml`](https://gitlab.com/gitlab-org/ci-cd/codequality/-/blob/master/codeclimate_defaults/.codeclimate.yml.template) included in your project. -Changes to the `plugins:` section do not affect the `exclude_patterns` section of the -default `.codeclimate.yml`. See the Code Climate documentation for +Changes to the `plugins:` section do not affect the `exclude_patterns` section of the default +`.codeclimate.yml`. See the Code Climate documentation on [excluding files and folders](https://docs.codeclimate.com/docs/excluding-files-and-folders) for more details. -Here's [an example project](https://gitlab.com/jheimbuck_gl/jh_java_example_project) that uses Code Quality with a `.codeclimate.yml` file. - -## Use a Code Quality image hosted in a registry with untrusted certificates - -If you set the `CODE_QUALITY_IMAGE` to an image that is hosted in a -Docker registry which uses a TLS certificate that is not trusted, such as -a self-signed certificate, you can see errors like the one below: - -```shell -$ docker pull --quiet "$CODE_QUALITY_IMAGE" -Error response from daemon: Get https://gitlab.example.com/v2/: x509: certificate signed by unknown authority -``` - -To fix this, configure the Docker daemon to [trust certificates](https://docs.docker.com/registry/insecure/#use-self-signed-certificates) -by putting the certificate inside of the `/etc/docker/certs.d` -directory. - -This Docker daemon is exposed to the subsequent Code Quality Docker container in the -[GitLab Code Quality template](https://gitlab.com/gitlab-org/gitlab/-/blob/v13.8.3-ee/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml#L41) -and should be to exposed any other containers in which you want to have -your certificate configuration apply. - -### Docker - -If you have access to GitLab Runner configuration, add the directory as a -[volume mount](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#volumes-in-the-runnersdocker-section). For example: - -```toml -[[runners]] - ... - executor = "docker" - [runners.docker] - ... - privileged = true - volumes = ["/cache", "/etc/gitlab-runner/certs/gitlab.example.com.crt:/etc/docker/certs.d/gitlab.example.com/ca.crt:ro"] -``` - -Replace `gitlab.example.com` with the actual domain of the registry. - -### Kubernetes - -If you have access to GitLab Runner configuration and the Kubernetes cluster, -you can [mount a ConfigMap](https://docs.gitlab.com/runner/executors/kubernetes.html#configmap-volumes): - -1. Create a ConfigMap with the certificate: - - ```shell - kubectl create configmap registry-crt --namespace gitlab-runner --from-file /etc/gitlab-runner/certs/gitlab.example.com.crt - ``` - -1. Update GitLab Runner `config.toml` to specify the ConfigMap: - - ```toml - [[runners]] - ... - executor = "kubernetes" - [runners.kubernetes] - image = "alpine:3.12" - privileged = true - [[runners.kubernetes.volumes.config_map]] - name = "registry-crt" - mount_path = "/etc/docker/certs.d/gitlab.example.com/ca.crt" - sub_path = "gitlab.example.com.crt" - ``` - -Replace `gitlab.example.com` with the actual domain of the registry. - ## Troubleshooting ### Changing the default configuration has no effect @@ -611,22 +525,27 @@ is still used. This can be due to multiple reasons: -- You just added the Code Quality job in your `.gitlab-ci.yml`. The report does not - have anything to compare to yet, so no information can be displayed. It only displays - after future merge requests have something to compare to. -- Your pipeline is not set to run the code quality job on your target branch. If there is no report generated from the target branch, your MR branch reports have nothing to compare to. In this situation you will see an error stating `Base pipeline codequality artifact not found`. +- You just added the Code Quality job in your `.gitlab-ci.yml`. The report does not have anything to + compare to yet, so no information can be displayed. It only displays after future merge requests + have something to compare to. +- Your pipeline is not set to run the code quality job on your target branch. If there is no report + generated from the target branch, your merge request branch reports have nothing to compare to. In this + situation you get an error stating `Base pipeline codequality artifact not found`. - If no [degradation or error is detected](https://docs.codeclimate.com/docs/maintainability#section-checks), nothing is displayed. -- The [`artifacts:expire_in`](../yaml/index.md#artifactsexpire_in) CI/CD - setting can cause the Code Quality artifacts to expire faster than desired. -- The widgets use the pipeline of the latest commit to the target branch. If commits are made to the default branch that do not run the code quality job, this may cause the merge request widget to have no base report for comparison. -- If you use the [`REPORT_STDOUT` environment variable](https://gitlab.com/gitlab-org/ci-cd/codequality#environment-variables), no report file is generated and nothing displays in the merge request. +- The [`artifacts:expire_in`](../yaml/index.md#artifactsexpire_in) CI/CD setting can cause the Code + Quality artifacts to expire faster than desired. +- The widgets use the pipeline of the latest commit to the target branch. If commits are made to the + default branch that do not run the code quality job, this may cause the merge request widget to + have no base report for comparison. +- If you use the [`REPORT_STDOUT` environment variable](https://gitlab.com/gitlab-org/ci-cd/codequality#environment-variables), + no report file is generated and nothing displays in the merge request. - Large `gl-code-quality-report.json` files (esp. >10 MB) are [known to prevent the report from being displayed](https://gitlab.com/gitlab-org/gitlab/-/issues/2737). - As a work-around, try removing [properties](https://github.com/codeclimate/platform/blob/master/spec/analyzers/SPEC.md#data-types) - that are [ignored by GitLab](#implementing-a-custom-tool). You can: + As a workaround, try removing [properties](https://github.com/codeclimate/platform/blob/master/spec/analyzers/SPEC.md#data-types) + that are [ignored by GitLab](#implement-a-custom-tool). You can: - Configure the Code Quality tool to not output those types. - - Use `sed`, `awk` or similar commands in the `.gitlab-ci.yml` script to - edit the `gl-code-quality-report.json` before the job completes. + - Use `sed`, `awk` or similar commands in the `.gitlab-ci.yml` script to edit the + `gl-code-quality-report.json` before the job completes. ### Only a single Code Quality report is displayed, but more are defined @@ -634,7 +553,8 @@ Starting [in GitLab 15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/340525), In previous versions, GitLab only uses the Code Quality artifact from the latest created job (with the largest job ID). If multiple jobs in a pipeline generate a code quality artifact, those of earlier jobs are ignored. -To avoid confusion, configure only one job to generate a `gl-code-quality-report.json`. + +To avoid confusion, configure only one job to generate a `gl-code-quality-report.json` file. ### RuboCop errors @@ -668,19 +588,21 @@ plugins: ### No Code Quality appears on merge requests when using custom tool -If your merge requests do not show any code quality changes when using a custom tool, -ensure that the line property is an `integer`. +If your merge requests do not show any Code Quality changes when using a custom tool, ensure that +the line property is an `integer`. -### Code Quality CI job with Code Climate plugins enabled fails with error +### Error: `Could not analyze code quality` -If you enabled any of the Code Climate plugins, and the Code Quality CI job fails with the error -below, it's likely the job takes longer than the default timeout of 900 seconds: +You might get the error: ```shell error: (CC::CLI::Analyze::EngineFailure) engine pmd ran for 900 seconds and was killed Could not analyze code quality for the repository at /code ``` +If you enabled any of the Code Climate plugins, and the Code Quality CI/CD job fails with this +error message, it's likely the job takes longer than the default timeout of 900 seconds: + To work around this problem, set `TIMEOUT_SECONDS` to a higher value in your `.gitlab.-ci.yml` file. For example: @@ -699,3 +621,69 @@ To ensure Code Quality jobs can run on a Kubernetes executor: - If you're using TLS to communicate with the Docker daemon, the executor [must be running in privileged mode](https://docs.gitlab.com/runner/executors/kubernetes.html#other-configtoml-settings). Additionally, the certificate directory must be [specified as a volume mount](../docker/using_docker_build.md#docker-in-docker-with-tls-enabled-in-kubernetes). - It is possible that the DinD service doesn't start up fully before the Code Quality job starts. This is a limitation documented in the [Kubernetes executor for GitLab Runner](https://docs.gitlab.com/runner/executors/kubernetes.html#docker-cannot-connect-to-the-docker-daemon-at-tcpdocker2375-is-the-docker-daemon-running) troubleshooting section. + +### Error: `x509: certificate signed by unknown authority` + +If you set the `CODE_QUALITY_IMAGE` to an image that is hosted in a Docker registry which uses a TLS +certificate that is not trusted, such as a self-signed certificate, you can see errors like the one +below: + +```shell +$ docker pull --quiet "$CODE_QUALITY_IMAGE" +Error response from daemon: Get https://gitlab.example.com/v2/: x509: certificate signed by unknown authority +``` + +To fix this, configure the Docker daemon to [trust certificates](https://docs.docker.com/registry/insecure/#use-self-signed-certificates) +by putting the certificate inside of the `/etc/docker/certs.d` directory. + +This Docker daemon is exposed to the subsequent Code Quality Docker container in the +[GitLab Code Quality template](https://gitlab.com/gitlab-org/gitlab/-/blob/v13.8.3-ee/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml#L41) +and should be to exposed any other containers in which you want to have your certificate +configuration apply. + +#### Docker + +If you have access to GitLab Runner configuration, add the directory as a +[volume mount](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#volumes-in-the-runnersdocker-section). + +Replace `gitlab.example.com` with the actual domain of the registry. + +Example: + +```toml +[[runners]] + ... + executor = "docker" + [runners.docker] + ... + privileged = true + volumes = ["/cache", "/etc/gitlab-runner/certs/gitlab.example.com.crt:/etc/docker/certs.d/gitlab.example.com/ca.crt:ro"] +``` + +#### Kubernetes + +If you have access to GitLab Runner configuration and the Kubernetes cluster, +you can [mount a ConfigMap](https://docs.gitlab.com/runner/executors/kubernetes.html#configmap-volumes). + +Replace `gitlab.example.com` with the actual domain of the registry. + +1. Create a ConfigMap with the certificate: + + ```shell + kubectl create configmap registry-crt --namespace gitlab-runner --from-file /etc/gitlab-runner/certs/gitlab.example.com.crt + ``` + +1. Update GitLab Runner `config.toml` to specify the ConfigMap: + + ```toml + [[runners]] + ... + executor = "kubernetes" + [runners.kubernetes] + image = "alpine:3.12" + privileged = true + [[runners.kubernetes.volumes.config_map]] + name = "registry-crt" + mount_path = "/etc/docker/certs.d/gitlab.example.com/ca.crt" + sub_path = "gitlab.example.com.crt" + ``` diff --git a/doc/ci/testing/img/code_quality_host_bound_sequential.png b/doc/ci/testing/img/code_quality_host_bound_sequential.png Binary files differdeleted file mode 100644 index 2b31f3b42ee..00000000000 --- a/doc/ci/testing/img/code_quality_host_bound_sequential.png +++ /dev/null diff --git a/doc/ci/yaml/artifacts_reports.md b/doc/ci/yaml/artifacts_reports.md index e12786f06ce..35d3b0522ca 100644 --- a/doc/ci/yaml/artifacts_reports.md +++ b/doc/ci/yaml/artifacts_reports.md @@ -113,11 +113,14 @@ GitLab can display the results of coverage report in the merge request The `codequality` report collects [code quality issues](../testing/code_quality.md). The collected code quality report uploads to GitLab as an artifact. -GitLab can display the results of one or more reports in: - -- The merge request [code quality widget](../testing/code_quality.md#code-quality-widget). -- The merge request [diff annotations](../testing/code_quality.md#code-quality-in-diff-view). -- The [full report](../testing/metrics_reports.md). +GitLab can display the results of: + +- One or more reports in the merge request [code quality widget](../testing/code_quality.md#merge-request-widget). +- Only one report in: + - The merge request [diff annotations](../testing/code_quality.md#merge-request-changes-view). + Track progress on adding support for multiple reports in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/328257). + - The [full report](../testing/metrics_reports.md). Track progress on adding support for multiple reports in + [issue 9014](https://gitlab.com/gitlab-org/gitlab/-/issues/9014). ## `artifacts:reports:container_scanning` **(ULTIMATE)** diff --git a/doc/integration/google.md b/doc/integration/google.md index 3d174e56bf3..947bf0303be 100644 --- a/doc/integration/google.md +++ b/doc/integration/google.md @@ -51,7 +51,7 @@ In Google's side: 1. Go to the [Google API Console](https://console.developers.google.com/apis/dashboard). 1. Select **ENABLE APIS AND SERVICES** at the top of the page. - 1. Find each of the above APIs. On the page for the API, press the **ENABLE** button. + 1. Find each of the above APIs. On the page for the API, select **ENABLE**. It may take a few minutes for the API to be fully functional. On your GitLab server: diff --git a/doc/operations/metrics/embed_grafana.md b/doc/operations/metrics/embed_grafana.md index 43a7447a978..15969f0d6be 100644 --- a/doc/operations/metrics/embed_grafana.md +++ b/doc/operations/metrics/embed_grafana.md @@ -25,7 +25,7 @@ To use Grafana-rendered images: 1. Go to the dashboard containing the panel in Grafana. 1. From the panel's menu, select **Share**. -1. Select the **Direct link rendered image** button, which provides the link. +1. Select **Direct link rendered image**, which provides the link. 1. Copy the link and add an image tag as [inline HTML](../../user/markdown.md#inline-html) in your Markdown in the format `<img src="your_link"/>`. You can tweak the query parameters to meet your needs, such as removing the `&from=` and `&to=` parameters to display a live panel. diff --git a/doc/subscriptions/bronze_starter.md b/doc/subscriptions/bronze_starter.md index d74cea671a4..91da875a049 100644 --- a/doc/subscriptions/bronze_starter.md +++ b/doc/subscriptions/bronze_starter.md @@ -63,7 +63,7 @@ the tiers are no longer mentioned in GitLab documentation: - [`audit_json.log`](../administration/logs/index.md#audit_jsonlog) (specific entries) - [`elasticsearch.log`](../administration/logs/index.md#elasticsearchlog) - Merge requests: - - [Full code quality reports in the code quality tab](../ci/testing/code_quality.md#code-quality-reports) + - [Full code quality reports in the code quality tab](../ci/testing/code_quality.md#pipeline-details-view) - [Merge request approvals](../user/project/merge_requests/approvals/index.md) - [Multiple assignees](../user/project/merge_requests/index.md#assign-multiple-users) - [Approval Rule information for Reviewers](../user/project/merge_requests/reviews/index.md#approval-rule-information-for-reviewers) diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md index 002292a7372..ab93adaabab 100644 --- a/doc/update/deprecations.md +++ b/doc/update/deprecations.md @@ -159,6 +159,20 @@ Since we released the new [GitLab Container Registry](https://gitlab.com/groups/ Moving forward, we'll continue to invest in developing and releasing new features that will only be available in the GitLab Container Registry. </div> + +<div class="deprecation removal-170 breaking-change"> + +### The Visual Reviews tool is deprecated + +Planned removal: GitLab <span class="removal-milestone">17.0</span> <span class="removal-date"></span> + +WARNING: +This is a [breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/). +Review the details carefully before upgrading. + +Due to limited customer usage and capabilities, the Visual Reviews feature for Review Apps is deprecated and will be removed. There is no planned replacement and users should stop using Visual Reviews before GitLab 17.0. + +</div> </div> <div class="announcement-milestone"> diff --git a/doc/user/admin_area/index.md b/doc/user/admin_area/index.md index 49fa5342bda..559aae63da5 100644 --- a/doc/user/admin_area/index.md +++ b/doc/user/admin_area/index.md @@ -135,8 +135,7 @@ For each user, the following are listed: 1. Date of account creation 1. Date of last activity -To edit a user, select the **Edit** button in that user's -row. To delete the user, or delete the user and their contributions, select the cog dropdown list in +To edit a user, in the user's row, select **Edit**. To delete the user, or delete the user and their contributions, select the cog dropdown list in that user's row, and select the desired option. To change the sort order: @@ -256,9 +255,7 @@ To access the Groups page: 1. On the left sidebar, select **Overview > Groups**. For each group, the page displays their name, description, size, number of projects in the group, -number of members, and whether the group is private, internal, or public. To edit a group, select -the **Edit** button in that group's row. To delete the group, select the **Delete** button in -that group's row. +number of members, and whether the group is private, internal, or public. To edit a group, in the group's row, select **Edit**. To delete the group, in the group's row, select **Delete**. To change the sort order, select the sort dropdown list and select the desired order. The default sort order is by **Last created**. |
