| Age | Commit message (Collapse) | Author |
|---|
|
Bump jquery-rails to ~> 4.0.0, jquery-ui-rails to ~> 5.0.0
Closes #2859
See merge request !2183
|
|
|
|
|
|
Explicitly require Nokogiri 1.6.7.1 due to security issue
```
Name: nokogiri
Version: 1.6.7
Advisory: CVE-2015-5312
Criticality: High
URL: https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
Title: Nokogiri gem contains several vulnerabilities in libxml2
Solution: upgrade to >= 1.6.7.1
```
See merge request !2154
|
|
|
|
Name: nokogiri
Version: 1.6.7
Advisory: CVE-2015-5312
Criticality: High
URL:
https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
Title: Nokogiri gem contains several vulnerabilities in libxml2
Solution: upgrade to >= 1.6.7.1
|
|
https://github.com/kickstarter/rack-attack/releases/tag/v4.3.1
|
|
This allows us to track the counts of actual classes instead of "T_XXX"
nodes. This is only enabled on CRuby as it uses CRuby specific APIs.
|
|
This works by searching the raw source code for any references to
commonly used ActiveRecord methods. While not bulletproof it saves us
from having to list hundreds of methods by hand. It also ensures that
(most) newly added methods are instrumented automatically.
This _only_ instruments models defined in app/models, should a model
reside somewhere else (e.g. somewhere in lib/) it _won't_ be
instrumented.
|
|
This adds the ability to write application metrics (e.g. SQL timings) to
InfluxDB. These metrics can in turn be visualized using Grafana, or
really anything else that can read from InfluxDB. These metrics can be
used to track application performance over time, between different Ruby
versions, different GitLab versions, etc.
== Transaction Metrics
Currently the following is tracked on a per transaction basis (a
transaction is a Rails request or a single Sidekiq job):
* Timings per query along with the raw (obfuscated) SQL and information
about what file the query originated from.
* Timings per view along with the path of the view and information about
what file triggered the rendering process.
* The duration of a request itself along with the controller/worker
class and method name.
* The duration of any instrumented method calls (more below).
== Sampled Metrics
Certain metrics can't be directly associated with a transaction. For
example, a process' total memory usage is unrelated to any running
transactions. While a transaction can result in the memory usage going
up there's no accurate way to determine what transaction is to blame,
this becomes especially problematic in multi-threaded environments.
To solve this problem there's a separate thread that takes samples at a
fixed interval. This thread (using the class Gitlab::Metrics::Sampler)
currently tracks the following:
* The process' total memory usage.
* The number of file descriptors opened by the process.
* The amount of Ruby objects (using ObjectSpace.count_objects).
* GC statistics such as timings, heap slots, etc.
The default/current interval is 15 seconds, any smaller interval might
put too much pressure on InfluxDB (especially when running dozens of
processes).
== Method Instrumentation
While currently not yet used methods can be instrumented to track how
long they take to run. Unlike the likes of New Relic this doesn't
require modifying the source code (e.g. including modules), it all
happens from the outside. For example, to track `User.by_login` we'd add
the following code somewhere in an initializer:
Gitlab::Metrics::Instrumentation.
instrument_method(User, :by_login)
to instead instrument an instance method:
Gitlab::Metrics::Instrumentation.
instrument_instance_method(User, :save)
Instrumentation for either all public model methods or a few crucial
ones will be added in the near future, I simply haven't gotten to doing
so just yet.
== Configuration
By default metrics are disabled. This means users don't have to bother
setting anything up if they don't want to. Metrics can be enabled by
editing one's gitlab.yml configuration file (see
config/gitlab.yml.example for example settings).
== Writing Data To InfluxDB
Because InfluxDB is still a fairly young product I expect the worse.
Data loss, unexpected reboots, the database not responding, you name it.
Because of this data is _not_ written to InfluxDB directly, instead it's
queued and processed by Sidekiq. This ensures that users won't notice
anything when InfluxDB is giving trouble.
The metrics worker can be started in a standalone manner as following:
bundle exec sidekiq -q metrics
The corresponding class is called MetricsWorker.
|
|
|
|
Update rerun to remove celluloid as dependency
After sidekiq 4 migration, we no longer need celluloid. `rerun` recent version also removed it from its dependency, so by getting this MR merged, we can solve #3797
See merge request !2088
|
|
|
|
|
|
|
|
This reverts commit e426c027b0a2a3aa0dea1d833008f2bfd814f483, reversing
changes made to c3676aa156981092b7f03f1a3e74bb819cfa2fc3.
|
|
Bump gitlab_emoji to ~> 0.2.0
A new version of this gem was released October 29th
but was never bumped in GitLab.
See merge request !1994
|
|
Bump devise to 3.5.3 to fix reset token expiring after account creation
Also fixes an incorrect redirect after login with relative URL root:
Closes https://github.com/gitlabhq/gitlabhq/issues/8228
Closes #2750
See merge request !2056
|
|
Also fixes an incorrect redirect after login with relative URL root:
Closes https://github.com/gitlabhq/gitlabhq/issues/8228
Closes #2750
|
|
|
|
|
|
Bump gollum-lib to 4.1.0 and fix dependency mismatch with rouge
Closes #3767
See merge request !2017
|
|
Serve LFS object
Depends on gitlab-org/gitlab_git!57
See merge request !1976
|
|
Closes #3767
|
|
|
|
Migrate from Sidetiq to Sidekiq-cron
Migrate from Sidetiq to Sidekiq-cron
Updated Sidekiq to 3.5.x
This will solve #2355
See merge request !1982
|
|
|
|
|
|
Two issues:
1. The constraints in the resources were incorrect. Here's what it was before:
```
group_milestone GET /groups/:group_id/milestones/:id(.:format) groups/milestones#show {:id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/, :group_id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/}
```
In this case, id is actually the title of the milestone, which can be anything at the moment.
After:
```
group_milestone GET /groups/:group_id/milestones/:id(.:format) groups/milestones#show {:id=>/[^\/]+/, :group_id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/}
```
2. `parameterize` would strip all Unicode characters, leaving a blank string. Rails would report something like:
ActionView::Template::Error (No route matches {:action=>"show", :controller=>"groups/milestones", :group_id=>#<Group id: 48, name: "ops-dev", path: "ops-dev", owner_id: nil, created_at: "2015-11-15 08:55:30", updated_at: "2015-12-02 06:23:26", type: "Group", description: "", avatar: "sha1.c71e73d51af1865c1bbbf6208e10044d46c9bb93.png", public: false>, :id=>"", :title=>"肯定不是中文的问题"} missing required keys: [:id]):
This change uses the babosa library to create a better slug, which surprisingly
isn't actually used by the global milestone controllers. Instead, they use the
title passed as a query string for some reason.
Closes https://github.com/gitlabhq/gitlabhq/issues/9881
Fix constraints
|
|
Updated Sidekiq to 3.5.x
|
|
|
|
Rails update to 4.2.4
https://gitlab.com/gitlab-org/gitlab-ce/issues/2694
See merge request !1902
|
|
|
|
See #2857
|
|
|
|
|
|
|
|
Remove enumerize gem
Closes #2803
See merge request !1912
|
|
Bump asana to ~> 0.4.0
Closes #2830
See merge request !1911
|
|
|
|
Closes #2830
|
|
Closes #2746
|
|
|
|
Bump colorize to ~> 0.7.0
Also removes `colored` which came in during the CI merge and is
redundant.
Closes #2822
See merge request !1895
|
|
Bump rack-oauth2 to ~> 1.2.1
Closes #2748
See merge request !1891
|
|
Bump creole to ~> 0.5.0
Closes #2815
See merge request !1890
|
|
Also removes `colored` which came in during the CI merge and is
redundant.
Closes #2822
|
|
|
|
Closes #2815
|
|
Closes #2856
|
