| Age | Commit message (Collapse) | Author |
|---|
|
This reverts commit 1e8f1de034aa9b6a60b640b2b091f60c4d3ba365, reversing
changes made to 62d971129da99936a3cdc04f3740d26f16a0c7a6.
|
|
|
|
Allow internal references to be removed
Closes #19376
See merge request gitlab-org/gitlab-ce!23189
|
|
|
|
[master]: Prevent a path traversal attack on global file templates
Closes #2745
See merge request gitlab/gitlabhq!2677
|
|
Support unlimited file search in web UI and API
See merge request gitlab-org/gitlab-ce!23553
|
|
|
|
Gracefully handle unknown/invalid GPG keys
Closes #54729
See merge request gitlab-org/gitlab-ce!23492
|
|
Encrypt CI/CD builds tokens
Closes #52342
See merge request gitlab-org/gitlab-ce!23436
|
|
* removed 100 limit on file search results because we
load all results anyway
* expensive processing (parsing match content, utf encoding)
is done only for selected page in paginated output
|
|
An unknown public GPG key will result in a GPGME::Error thrown from gpg,
which would cause an Error 500 on the signatures endpoint.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54729
|
|
Add UsageData for group/project clusters
Closes #54886
See merge request gitlab-org/gitlab-ce!23590
|
|
Use group clusters when deploying (DeploymentPlatform)
See merge request gitlab-org/gitlab-ce!22308
|
|
|
|
The API permits path traversal characters like '../' to be passed down
to the template finder. Detect these requests and cause them to fail
with a 500 response code.
|
|
|
|
Avoid 500's when serializing legacy diff notes
Closes #54793
See merge request gitlab-org/gitlab-ce!23544
|
|
Merge request pipelines
See merge request gitlab-org/gitlab-ce!23217
|
|
|
|
Use a 32-byte version of db_key_base for web hooks
Closes #53659
See merge request gitlab-org/gitlab-ce!23573
|
|
Update K8s project namespace and ServiceAccount if exist
See merge request gitlab-org/gitlab-ce!23525
|
|
Make KUBECONFIG nil if KUBE_TOKEN is nil
See merge request gitlab-org/gitlab-ce!23414
|
|
This reverts commit 22954f220231281360377922b709efb904559949
|
|
|
|
LfsToken::HMACToken#token_valid?() will be examined and if false, look
in redis via LfsToken::LegacyRedisDeviseToken#token_valid?().
|
|
|
|
AES-256-GCM cipher mode requires a key that is exactly 32 bytes long.
We already handle the case when the key is too long, by truncating, but
the key can also be too short in some installations. Switching to a key
that is always exactly the right length (by virtue of right-padding
ASCII 0 characters) allows encryption to proceed, without breaking
backward compatibility.
When the key is too short, encryption fails with an `ArgumentError`,
causing the web hooks functionality to be unusable. As a result, zero
rows can exist with values encrypted with the too-short key.
When the key is too long, it is silently truncated. In this case, the
key is unchanged, so values encrypted with the new too-long key will
still be successfully decrypted.
|
|
- Rename ordered_group_clusters_for_project ->
ancestor_clusters_for_clusterable
- Improve name of order option. It makes much more sense to have `hierarchy_order: :asc`
and `hierarchy_order: :desc`
- Allow ancestor_clusters_for_clusterable for group
- Re-use code already present in Project
|
|
Look for matching clusters starting from the closest ancestor, then go
up the ancestor tree.
Then use Ruby to get clusters for each group in order. Not that
efficient, considering we will doing up to `NUMBER_OF_ANCESTORS_ALLOWED`
number of queries, but it's a finite number
Explicitly order query by depth
This allows us to control ordering explicitly and also to reverse the
order which is useful to allow us to be consistent with
Clusters::Cluster.on_environment (EE) which does reverse ordering.
Puts querying group clusters behind Feature Flag. Just in case we have
issues with performance, we can easily disable this
|
|
If the service fails mid-point, then we should be able to re-run this
service. So, detect presence of any previously created Kubernetes
resource and update or create accordingly.
Fix specs accordingly. In the case of finalize_creation_service_spec.rb,
I decided to stub out the async worker rather than maintaining
individual stubs for various kubeclient calls for that worker.
|
|
Define the default value for only/except policies
See merge request gitlab-org/gitlab-ce!23531
|
|
Encrypt runners tokens
Closes #51232 and #52931
See merge request gitlab-org/gitlab-ce!23412
|
|
|
|
Currently, if a job does not have only/except policies, the policy is considered as an unspecified state, and therefore the job is executed regardless of how it's executed and which branch/tags are targetted.
Ideally, this should be specified as only: ['branches', 'tags'], as it indicates that unspecified policy jobs are meant to run on any git references.
|
|
|
|
|
|
fix/gb/encrypt-runners-tokens
* commit '83f0798e7dc588f0e4cb6816daadeef7dbfc8b81': (101 commits)
|
|
'master'"
This reverts merge request !23165
|
|
If the service fails mid-point, then we should be able to re-run this
service. So, detect presence of any previously created Kubernetes
resource and update or create accordingly.
Fix specs accordingly. In the case of finalize_creation_service_spec.rb,
I decided to stub out the async worker rather than maintaining
individual stubs for various kubeclient calls for that worker.
Also add test cases for group clusters
|
|
The numbers in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22650#note_117645395
are quite promising with that target.
|
|
This improves readability quite a bit.
|
|
|
|
|
|
|
|
|
|
A tablesample count executes in two phases:
* Estimate table sizes based on reltuples.
* Based on the estimate:
* If the table is considered 'small', execute an exact relation count.
* Otherwise, count on a sample of the table using TABLESAMPLE.
The size of the sample is chosen in a way that we always roughly scan
the same amount of rows (see TABLESAMPLE_ROW_TARGET).
|
|
|
|
|
|
|
|
|
