diff options
Diffstat (limited to 'doc/user/project/settings')
| -rw-r--r-- | doc/user/project/settings/import_export.md | 29 | ||||
| -rw-r--r-- | doc/user/project/settings/index.md | 17 | ||||
| -rw-r--r-- | doc/user/project/settings/project_access_tokens.md | 17 |
3 files changed, 41 insertions, 22 deletions
diff --git a/doc/user/project/settings/import_export.md b/doc/user/project/settings/import_export.md index ae3decb8079..30261ed5082 100644 --- a/doc/user/project/settings/import_export.md +++ b/doc/user/project/settings/import_export.md @@ -72,13 +72,14 @@ The following items are exported: The following items are **not** exported: +- [Child pipeline history](https://gitlab.com/gitlab-org/gitlab/-/issues/221088) - Build traces and artifacts - Container registry images - CI/CD variables - Pipeline triggers - Webhooks - Any encrypted tokens -- Merge Request Approvers +- Merge Request Approvers and [the number of required approvals](https://gitlab.com/gitlab-org/gitlab/-/issues/221088) - Repository size limits - Deploy keys allowed to push to protected branches @@ -127,7 +128,7 @@ The following items are imported but changed slightly: associated with such merge requests are created in a project during the import/export. Thus, the number of branches in the exported project might be bigger than in the original project. - If use of the `Internal` visibility level - [is restricted](../../../public_access/public_access.md#restrict-use-of-public-or-internal-projects), + [is restricted](../../public_access.md#restrict-use-of-public-or-internal-projects), all imported projects are given `Private` visibility. Deploy keys aren't imported. To use deploy keys, you must enable them in your imported project and update protected branches. @@ -154,9 +155,9 @@ The default is `0` (unlimited). Imported users can be mapped by their public email addresses on self-managed instances, if an administrator (not an owner) does the import. -- Public email addresses are not set by default. Users must -[set it in their profiles](../../profile/index.md#set-your-public-email) -for mapping to work correctly. +- The project must be exported by a project or group member with the Owner role. +- Public email addresses are not set by default. Users must [set it in their profiles](../../profile/index.md#set-your-public-email) + for mapping to work correctly. - For contributions to be mapped correctly, users must be an existing member of the namespace, or they can be added as a member of the project. Otherwise, a supplementary comment is left to mention that the original author and the MRs, notes, or issues that are owned by the importer. - Imported users are set as [direct members](../members/index.md) @@ -237,7 +238,7 @@ and the exports between them are compatible. ### Project fails to import due to mismatch -If the [shared runners enablement](../../../ci/runners/runners_scope.md#enable-shared-runners) +If the [shared runners enablement](../../../ci/runners/runners_scope.md#enable-shared-runners-for-a-project) does not match between the exported project, and the project import, the project fails to import. Review [issue 276930](https://gitlab.com/gitlab-org/gitlab/-/issues/276930), and either: @@ -306,7 +307,7 @@ reduce the repository size for another import attempt: #### Workaround option 2 NOTE: -This workaround requires access to the rails console, which isn't available to end-users on GitLab.com. +This workaround does not account for LFS objects. Rather than attempting to push all changes at once, this workaround: @@ -383,3 +384,17 @@ s = Gitlab::ImportExport::Saver.new(exportable: p, shared:p.import_export_shared s.send(:compress_and_save) s.send(:save_upload) ``` + +### Import using the REST API fails when using a group access token + +[Group access tokens](../../group/settings/group_access_tokens.md) +don't work for project or group import operations. When a group access token initiates an import, +the import fails with this message: + +```plaintext +Error adding importer user to Project members. +Validation failed: User project bots cannot be added to other groups / projects +``` + +To use [Import REST APIs](../../../api/project_import_export.md), +pass regular user account credentials such as [personal access tokens](../../profile/personal_access_tokens.md). diff --git a/doc/user/project/settings/index.md b/doc/user/project/settings/index.md index 342b8d80bcf..31cda756a78 100644 --- a/doc/user/project/settings/index.md +++ b/doc/user/project/settings/index.md @@ -89,15 +89,11 @@ read-only view to discourage this behavior. Compliance framework pipelines allow group owners to define a compliance pipeline in a separate repository that gets executed in place of the local project's `gitlab-ci.yml` file. As part of this pipeline, an -`include` statement can reference the local project's `gitlab-ci.yml` file. This way, the two CI -files are merged together any time the pipeline runs. Jobs and variables defined in the compliance +`include` statement can reference the local project's `gitlab-ci.yml` file. This way, the compliance +pipeline jobs can run alongside the project-specific jobs any time the pipeline runs. +Jobs and variables defined in the compliance pipeline can't be changed by variables in the local project's `gitlab-ci.yml` file. -When used to enforce scan execution, this feature has some overlap with [scan execution policies](../../application_security/policies/scan-execution-policies.md), -as we have not [unified the user experience for these two features](https://gitlab.com/groups/gitlab-org/-/epics/7312). -For details on the similarities and differences between these features, see -[Enforce scan execution](../../application_security/#enforce-scan-execution). - When you set up the compliance framework, use the **Compliance pipeline configuration** box to link the compliance framework to specific CI/CD configuration. Use the `path/file.y[a]ml@group-name/project-name` format. For example: @@ -185,6 +181,11 @@ include: # Execute individual project's configuration (if project contains .git ref: '$CI_COMMIT_REF_NAME' # Must be defined or MR pipelines always use the use default branch ``` +When used to enforce scan execution, this feature has some overlap with [scan execution policies](../../application_security/policies/scan-execution-policies.md), +as we have not [unified the user experience for these two features](https://gitlab.com/groups/gitlab-org/-/epics/7312). +For details on the similarities and differences between these features, see +[Enforce scan execution](../../application_security/#enforce-scan-execution). + ##### Ensure compliance jobs are always run Compliance pipelines use GitLab CI/CD to give you an incredible amount of flexibility @@ -242,7 +243,7 @@ documentation, access permissions, and more. To do so from your project, go to **Settings** > **General**, and expand the **Visibility, project features, permissions** section. -You can now change the [Project visibility](../../../public_access/public_access.md). +You can now change the [Project visibility](../../public_access.md). If you set **Project Visibility** to public, you can limit access to some features to **Only Project Members**. In addition, you can select the option to [Allow users to request access](../members/index.md#request-access-to-a-project). diff --git a/doc/user/project/settings/project_access_tokens.md b/doc/user/project/settings/project_access_tokens.md index a78226ac2f8..b66913b7223 100644 --- a/doc/user/project/settings/project_access_tokens.md +++ b/doc/user/project/settings/project_access_tokens.md @@ -12,17 +12,18 @@ type: reference, howto > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/235765) in GitLab 13.5. > - [Changed](https://gitlab.com/gitlab-org/gitlab/-/issues/342327) in GitLab 14.5. Default prefix added. -You can use a project access token to authenticate: +Project access tokens are similar to passwords, except you can [limit access to resources](#scopes-for-a-project-access-token), +select a limited role, and provide an expiry date. -- With the [GitLab API](../../../api/index.md#personalprojectgroup-access-tokens). -- With Git, when using HTTP Basic Authentication. +Use a project access token to authenticate: -After you configure a project access token, you don't need a password when you authenticate. -Instead, you can enter any non-blank value. +- With the [GitLab API](../../../api/index.md#personalprojectgroup-access-tokens). +- With Git, when using HTTP Basic Authentication, use: + - Any non-blank value as a username. + - The project access token as the password. Project access tokens are similar to [group access tokens](../../group/settings/group_access_tokens.md) -and [personal access tokens](../../profile/personal_access_tokens.md), except they are -associated with a project rather than a group or user. +and [personal access tokens](../../profile/personal_access_tokens.md). In self-managed instances, project access tokens are subject to the same [maximum lifetime limits](../../admin_area/settings/account_and_limit_settings.md#limit-the-lifetime-of-personal-access-tokens) as personal access tokens if the limit is set. @@ -35,6 +36,8 @@ You can use project access tokens: - Consider [disabling project access tokens](#enable-or-disable-project-access-token-creation) to lower potential abuse. +You cannot use project access tokens to create other access tokens. + Project access tokens inherit the [default prefix setting](../../admin_area/settings/account_and_limit_settings.md#personal-access-token-prefix) configured for personal access tokens. |