| Age | Commit message (Collapse) | Author |
|---|
|
See !5454.
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
'19572-storage-path-validations-fail-incorrectly-for-some-patterns' into 'master'
Fix a false positive where similar un-nested storage paths were reported as nested
Closes #19572
See merge request !5145
|
|
'master'
Avoid data-integrity issue when cleaning up repository archive cache
## What does this MR do?
Sets the default value for `repository_downloads_path` if someone has it configured incorrectly, and it points to the path where repositories are stored. It's also replace invocation of `find` with Ruby code that matches old cached files in a better, and safe way to avoid data-integrity issues.
## Why was this MR needed?
The `repository_downloads_path` is used by the `RepositoryArchiveCacheWorker` to remove outdated repository archives, if it points to the wrong directory can cause some data-integrity issue.
## What are the relevant issue numbers?
Closes #14222
See merge request !5285
(cherry picked from commit d2598f6273d4a714134c26ee520b99a40579e8fa)
|
|
Revert Content Security Policy
The secure-only cookies setting was causing an issue where the session was
constantly being lost in the development environment.
Revert "Merge branch 'csp-basics' into 'master'"
This reverts commit 9065f9c5ff073d376eb6377ca63ead93623fc8a3, reversing
changes made to f0b446e55506b251e85afd4bb063586bccb52eb2.
---
Revert "Merge branch 'remove-csp-sentry-reporting' into 'master'"
This reverts commit 79b02e40e5842540ceff4454f6c2c51f13fc081c, reversing
changes made to f2cd21e8946dcef13e8be408b96b079b5ced682a.
See merge request !5381
|
|
Added the ability to block sign ups using a domain blacklist.
As part of this MR, I restructured the Application Settings form to separate **Sign up** related settings from **Sign in** related settings and make everything cleaner and easier to read.
Fixes #19749
Related to #5573
See merge request !5259
|
|
Add support for inline videos in issue, MR and notes (on issue, commit, MR, and MR diff)
## What does this MR do?
It adds support for inline videos in issue, MR and notes (on issue, commit, MR, and MR diff). Most of the work was done by @hayesr in !3508 but a few improvements were still missing.
## Why was this MR needed?
To be able to play uploaded videos in GitLab!
## What are the relevant issue numbers?
Closes #4142.
## Screenshots
### Video players
-----
-----
## Does this MR meet the acceptance criteria?
- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- Tests
- [x] Test `VideoLinkFilter`
- [x] Test in `spec/features/markdown_spec.rb`
- [x] Improve `spec/uploaders/file_uploader_spec.rb`
- [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
See merge request !5215
|
|
Resolve "Move Build badges settings to Builds page (or Builds settings)"
## What does this MR do?
Removes pipeline settings section from project settings & creates a new pipelines settings page
Adds builds badge to pipelines settings page & removes badge page
## Are there points in the code the reviewer needs to double check?
All Rails updates -> particularly `builds_controller.rb` and `routes`
Spacing needs to be updated across all settings pages and will be in a separate MR (https://gitlab.com/gitlab-org/gitlab-ce/issues/19827)
## What are the relevant issue numbers?
Closes #15343
Part of #18920
## Screenshots (if relevant)
See merge request !5244
|
|
Log cron_jobs configuration instead of raising exception
## What does this MR do?
Log cron_jobs configuration errors and remove invalid key <-> values from the configuration hash instead of raising an exception.
This has been discussed at #20010.
Fixes #20010
## Are there points in the code the reviewer needs to double check?
## Why was this MR needed?
Original implementation !5318, introduced a regression with our docker packaging: #20010.
## What are the relevant issue numbers?
* #20010
* #18378
## Does this MR meet the acceptance criteria?
- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
- [ ] Added for this feature/bug
- [ ] All builds are passing
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
See merge request !5360
|
|
Fix the Sentry spam from CSP violations by disabling it.
## What does this MR do?
Leaves CSP enabled, but without a reporting endpoint for now. This was causing a huge amount of useless errors in our Sentry instance.
cc: @stanhu
See merge request !5354
|
|
Fix help page paths to make sure shortcuts and the UI help page work.
Add a test to make sure the help page UI path doesn't break in the future.
Fixes #19972 and #19889.
cc: @dzaporozhets @rspeicher @lbennett
See merge request !5350
|
|
Replace namespace-specific application.js files with namespace-bundle.js files.
Following up on the per-page JavaScript improvements, I wanted to replace the use of `application.js` with `namespace-bundle.js` to prevent confusion when downloading more than one application.js file.
This is pretty much just for the sake of clarity.
cc: @alfredo1
See merge request !5221
|
|
Add support for manual CI actions
## What does this MR do?
This implements a `when: manual` which allows a jobs to be marked as manual actions.
Manual actions have to be explicitly executed by developers.
## What are the relevant issue numbers?
This is to solve: https://gitlab.com/gitlab-org/gitlab-ce/issues/17010
See merge request !5297
|
|
Content Security Policy
Ref: #18231
This uses twitter's [secure_headers gem](https://github.com/twitter/secureheaders).
See merge request !4770
|
|
Improve cron_jobs loading error messages
## What does this MR do?
Improves the error message from "Sidekiq Cron Jobs" plugin, when trying to load a incorrect definition from gitlab config files.
This is the output before the fix:
```
2016-06-08T16:43:19.277Z 2890 TID-gso49ojro INFO: Booting Sidekiq 4.1.2 with redis options {:url=>"unix:/var/run/redis/redis.sock", :namespace=>"resque:gitlab"}
undefined method `delete' for nil:NilClass
/home/git/gitlab/config/initializers/sidekiq.rb:16:in `block (2 levels) in <top (required)>'
/home/git/gitlab/config/initializers/sidekiq.rb:16:in `each'
/home/git/gitlab/config/initializers/sidekiq.rb:16:in `block in <top (required)>'
/home/git/gitlab/vendor/bundle/ruby/2.1.0/gems/sidekiq-4.1.2/lib/sidekiq.rb:70:in `configure_server'
```
This is the output after the fix:
```
2016-07-18T10:53:22.414Z 66332 TID-oxal1bmik INFO: Booting Sidekiq 4.1.4 with redis options {:url=>"redis://localhost:6378", :namespace=>"resque:gitlab"}
Invalid cron_jobs config key: 'registry'. Check your gitlab config file.
/home/git/gitlab/config/initializers/sidekiq.rb:21:in `block (2 levels) in <top (required)>'
/home/git/gitlab/config/initializers/sidekiq.rb:17:in `each'
/home/git/gitlab/config/initializers/sidekiq.rb:17:in `block in <top (required)>'
/home/git/gitlab/vendor/bundle/ruby/2.1.0/gems/ruby-2.1.8/gems/sidekiq-4.1.4/lib/sidekiq.rb:70:in `configure_server'
```
Fixes #18378
## Are there points in the code the reviewer needs to double check?
No
## Why was this MR needed?
Original error doesn't give any hint on where the problem can be, so the user can't easily troubleshoot unless he knows implementation details.
## What are the relevant issue numbers?
#18378
## Does this MR meet the acceptance criteria?
- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
- [ ] Added for this feature/bug
- [ ] All builds are passing
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
See merge request !5318
|
|
Upgrade gemojione to 3.0.0
Upgrades gemojione to 3.0.0, see the Changelog: https://github.com/jonathanwiesel/gemojione/blob/b98aa8b07eef815d4d3f52ff3c8714b28932b0de/CHANGELOG.md#v300-2016-07-12
[Here are all the new 2016 emoji](http://emojione.com/releases/2.2.4/) :tada:
This update has new emoji and more sensical categories.
See merge request !5237
|
|
Allow U2F devices to be used in Firefox
- Adds U2F support for Firefox
- Improve U2F feature detection logic
- Have authentication flow be closer to the spec (single challenge instead of a challenge for each `signRequest`)
- Closes #17341
- Related to #15337
See merge request !5177
|
|
1. Only on supported Chrome versions
2. Mainly, this lets us simplify the javascript-based U2F check to
`window.u2f`, where `window.u2f` can either be loaded from the GitLab
server (for Chrome) or from the Firefox extension.
3. This is a better way to provide browser detection for U2F.
|
|
Remove Hound CI and Teatro config
## What does this MR do?
Since we moved to gitlab.com we don't use Hound CI and Teatro anymore. Instead we have rubocop.
See merge request !5089
|
|
Update the health_check gem to the latest release
## What does this MR do?
Update the health_check gem to the latest release, which allows us to drop some of our code for overwriting the email check
## Does this MR meet the acceptance criteria?
- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~
- [ ] ~~API support added~~
- Tests
- [ ] ~~Added for this feature/bug~~
- [ ] All builds are passing
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
See merge request !5186
|
|
parameters.
|
|
This is probably a horrible way of fixing this issue, but it does work.
I can’t find much information on linking this deeply with Rails routes.
Resolves #14872.
|
|
This allows us to drop our disable email config override
|
|
|
|
|
|
Split Cropper.js from the main JavaScript manifest.
## What does this MR do?
Splits Cropper.js from the main JavaScript file.
## Are there points in the code the reviewer needs to double check?
That the avatar uploader works. (It did in my testing)
## Why was this MR needed?
Smaller JS payload.
## What are the relevant issue numbers?
#14372
## Does this MR meet the acceptance criteria?
- Tests
- [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
See merge request !4978
|
|
When rendering a list of diff files, skip those where the diff is over
10 KB and provide an endpoint to render individually instead.
|
|
Allow specifying protected branches using wildcards
Closes #18627
# Tasks
- [ ] #18627 !4665 Allow specifying protected branches using wildcards
- [x] Find existing usages of protected branches
- Protecting branches
- `ProtectedBranchesController` is used to mark a branch protected/unprotected
- `API::Branches` can be used to mark a branch protected/unprotected
- Enforcing branch protection
- `Gitlab::GitAccess` has helpers (`can_push_to_branch?`, `check`) that are used to deny pushes if a branch is protected
- Over SSH: `gitlab-shell` receives a push, and calls `/allowed` on the GitLab API, which calls `GitAccess.check`
- Over HTTP:
- `gitlab-workhorse` receives the request, and forwards it to rails
- Rails (in the `GitHttpController#git-recieve-pack`) runs basic checks (is the user logged in, not protected branch checks) and returns ok with `GL_ID` and `RepoPath`
- `gitlab-workhorse` looks at the response, and calls the relevant `gitlab-shell` action from `git-http/handlePostRPC`
- Rest of this flow is the same as the SSH flow above
- [x] Implementation
- [x] Backend
- [x] Change `project#protected_branch?` to look at wildcard protected branches
- [x] Change `project#developers_can_push_to_protected_branch?`
- [x] Change `project#open_branches`
- [x] Better error message when creating a disallowed branch from the Web UI
- [x] Frontend
- [x] Protected branches page should allow typing out a wildcard pattern
- [x] Add help text explaining the use of wildcards
- [x] Show matching branches for each protected branch
- [x] ~~On the index page~~
- [x] On a show page
- [x] Index?
- [x] Can't have the "last commit" column for wildcard protected branches
- [x] Fix / write tests
- [x] What happens if a hook is missing in dev?
- [x] Refactor
- [x] Test workflows
- Create a branch matching a wildcard pattern
- Push to a branch matching a wildcard pattern
- Force push to a branch matching a wildcard pattern
- Delete a branch matching a wildcard pattern
- [x] Test using Web UI
- [x] Test over SSH
- [x] Test over HTTP
- [x] Test as developer and master
- [x] Investigate performance
- [x] Test with a large number of protected branches / branches
- [x] Paginate list of protected branches
- [x] ~~Possibly rewrite `open_branches`~~
- [x] Add `iid`s to existing `ProtectedBranch`es
- [x] Add documentation
- [x] Add CHANGELOG entry
- [x] Add screenshots
- [x] Make sure [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/2f753e3ed2ce681b4444944d521f4419e8ed37f7/builds) passes
- [x] Assign to endboss for review
- [x] Address @DouweM's comments
- [x] `protected_branch_params`
- [x] `exact_match` instead of `explicit_match`
- [x] When would self.name be blank?
- [x] Move `protected_branches.each` to a partial
- [x] Move `matching_branches.each` to a partial
- [x] If the branch is in @matching_branches, it's not been removed
- [x] move this regex to a method and memoize it
- [x] `commit_sha` directly for exact matches
- [x] Number of matches for wildcard matches, with a link
- [x] Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/43f9ce0e88194b8f719bb1c1e656b7fc13278d56/builds) to pass
- [x] Respond to @DouweM's comments
- [x] Don't use iid
- [x] Controller should use `@project.protected_branches.new`
- [x] move the memoization to `def wildcard_regex`
- [x] render with `collection: @protected_branches`
- [x] Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/f7beedf122fa0c7aa89e86181fe7499321fb10ca/builds) to pass
- [x] Wait for @DouweM's review
- [x] Wait for @jschatz1's review
- [x] Respond to @jschatz1's comments
- [x] Use the new dropdown style
- [x] description should be moved to the description section without the styling
- [x] Protect button should be disabled when no branch is selected
- [x] Update screenshots
- [x] Merge conflicts
- [x] Make sure [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/20f3cfe8d5540eab64c2ba548043d600b28c61ba/builds) passes
- [ ] Revisit performance, possibly with staging/production data
- [ ] Get a dump of staging / run against staging live
- [ ] Get SSH access to staging
- [ ] Wait for review/merge
# Screenshots
## Creating wildcard protected branches
### Using the `GLDropdown` component
## Enforcing wildcard protected branches
### From the Web UI
### Over SSH
### Over HTTPS
## Listing matching branches
See merge request !4665
|
|
|
|
1. Allow entering any branch name for a protected branch.
- Either pick from a list of options, or enter it manually
- You can enter wildcards.
2. Display branches matching a protected branch.
- Add a `ProtectedBranches#show` page that displays the branches
matching the given protected branch, or a message if there are no
matches.
- On the `index` page, display the last commit for an exact match,
or the number of matching branches for a wildcard match.
- Add an `iid` column to `protected_branches` - this is what we use for
the `show` page URL.
- On the off chance that this feature is unnecessary, this commit
encapsulates it neatly, so it can be removed without affecting
anything else.
3. Remove the "Last Commit" column from the list of protected branches.
- There's no way to pull these for wildcard protected branches, so it's
best left for the `show` page.
- Rename the `@branches` instance variable to `@protected_branches`
- Minor styling changes with the "Unprotect" button - floated right
like the "Revoke" button for personal access tokens
4. Paginate the list of protected branches.
5. Move the instructions to the left side of the page.
|
|
|
|
|
|
Upgrade sprockets and sprockets rails, remove quiet_assets
## What does this MR do?
Upgrade Sprockets from 3.6.0 to 3.6.2.
Changelog: https://github.com/rails/sprockets/blob/3.x/CHANGELOG.md
Upgrade Sprockets Rails from 3.0.4 to 3.1.1.
Changelog: https://github.com/rails/sprockets-rails/compare/v3.0.4...v3.1.1
quiet_assets has been seemingly abandoned, and now sprockets-rails has the feature built-in!
The config was added in this PR: https://github.com/rails/sprockets-rails/pull/355
Working towards #14286.
See merge request !5029
|
|
|
|
quiet_assets has been seemingly abandoned, and now sprockets-rails has the feature built-in!
From this PR: https://github.com/rails/sprockets-rails/pull/355
|
|
This stands as an alternative to using OAuth to access a user's Github
repositories. This is setup in such a way that it can be used without OAuth
configuration.
From a UI perspective, the how to import modal has been replaced by a full
page, which includes a form for posting a personal access token back to the
Import::GithubController.
If the user has logged in via GitHub, skip the Personal Access Token and go
directly to Github for an access token via OAuth.
|
|
Make Rack::Request use our trusted proxies when filtering IP addresses
## What does this MR do?
This allows us to control the trusted proxies while deployed in a private network.
## Are there points in the code the reviewer needs to double check?
If we want to limit what is impacted, we can do this specifically for the rack_attack request object.
## Why was this MR needed?
Normally Rack::Request will trust all private IPs as trusted proxies, which can cause problems if your users are connection on you network via private IP ranges.
Normally in a rails app this is handled by action_dispatch request, but rack_attack is specifically using the Rack::Request object instead.
## What are the relevant issue numbers?
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17550
## Does this MR meet the acceptance criteria?
- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~
- [ ] ~~API support added~~
- Tests
- [x] Added for this feature/bug
- [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
\cc @stanhu
See merge request !4958
|
|
Loop all disks when displaying system info. Closes #18886
See merge request !4983
|
|
This allows us to control the trusted proxies while deployed in a private network. Normally Rack::Request will trust all private IPs as trusted proxies, which can caue problems if your users are connection on you network via private IP ranges.
Normally in a rails app this is handled by action_dispatch request, but rack_attack is specifically using the Rack::Request object instead.
|
|
install task
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Re-implement page-specific JS in a better way.
## What does this MR do?
This rebuilds the way we do page-specific JavaScript assets for a few reasons:
- The current implementation does not work with Subresource Integrity (!4808)
- The current implementation doesn't allow caching of libraries because each page we hook up with this system will have a separate application.js. Meaning that for every page that uses Ace Editor, we'd have to load Ace Editor plus any GitLab-specific scripts in the same file, making local caching of just Ace Editor impossible.
- The current implementation is rather hacky.
## Are there points in the code the reviewer needs to double check?
That Sprockets doesn't choke on this when we use precompiled assets.
## What are the relevant issue numbers?
#14372
## Does this MR meet the acceptance criteria?
- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [x] API support added
- Tests
- [x] Added for this feature/bug
- [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
cc: @jschatz1 @pavelloz
Thanks to @pavelloz for his example implementation which was very useful.
See merge request !4883
|
|
Add SMTP as default delivery method to match gitlab-org/omnibus-gitlab!826
Something happened after upgrading to 8.9RC5 that caused mail settings to be set to sendmail by default. gitlab-com/infrastructure#128 describes the issue in more detail. This MR mirrors the change in omnibus with gitlab-org/omnibus-gitlab!826.
Closes #19132
See merge request !4915
|
|
Closes #19132
[ci skip]
|
|
Disable the email checking part of the standard Health Check
## What does this MR do?
In order to fix it we have overwritten the email_configured? method in the health check so that it does not check email status during the standard health check.
## Why was this MR needed?
The email check used in the Heath Check doesn't properly make use of enough of the SMTP config options to be able to properly test the STMP connection, and as a result could cause a failure.
## What are the relevant issue numbers?
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17742
## Does this MR meet the acceptance criteria?
- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [x] ~~[Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)~~
- [x] ~~API support added~~
- Tests
- [ ] Added for this feature/bug
- [ ] All builds are passing
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
See merge request !4903
|
|
There was nothing additional in the full checks that we want to run (email, custom)
|
