Age | Commit message (Collapse) | Author |
|
Add UsageData for group/project clusters
Closes #54886
See merge request gitlab-org/gitlab-ce!23590
|
|
Use group clusters when deploying (DeploymentPlatform)
See merge request gitlab-org/gitlab-ce!22308
|
|
|
|
|
|
Avoid 500's when serializing legacy diff notes
Closes #54793
See merge request gitlab-org/gitlab-ce!23544
|
|
[Backport] Extract system check rake task logic
See merge request gitlab-org/gitlab-ce!23395
|
|
into 'master'
Resolve "Use read_repository scope on read-only files endpoints"
Closes #54826
See merge request gitlab-org/gitlab-ce!23534
|
|
Merge request pipelines
See merge request gitlab-org/gitlab-ce!23217
|
|
Use a 32-byte version of db_key_base for web hooks
Closes #53659
See merge request gitlab-org/gitlab-ce!23573
|
|
Update K8s project namespace and ServiceAccount if exist
See merge request gitlab-org/gitlab-ce!23525
|
|
Make KUBECONFIG nil if KUBE_TOKEN is nil
See merge request gitlab-org/gitlab-ce!23414
|
|
This reverts commit 22954f220231281360377922b709efb904559949
|
|
|
|
LfsToken::HMACToken#token_valid?() will be examined and if false, look
in redis via LfsToken::LegacyRedisDeviseToken#token_valid?().
|
|
|
|
AES-256-GCM cipher mode requires a key that is exactly 32 bytes long.
We already handle the case when the key is too long, by truncating, but
the key can also be too short in some installations. Switching to a key
that is always exactly the right length (by virtue of right-padding
ASCII 0 characters) allows encryption to proceed, without breaking
backward compatibility.
When the key is too short, encryption fails with an `ArgumentError`,
causing the web hooks functionality to be unusable. As a result, zero
rows can exist with values encrypted with the too-short key.
When the key is too long, it is silently truncated. In this case, the
key is unchanged, so values encrypted with the new too-long key will
still be successfully decrypted.
|
|
- Rename ordered_group_clusters_for_project ->
ancestor_clusters_for_clusterable
- Improve name of order option. It makes much more sense to have `hierarchy_order: :asc`
and `hierarchy_order: :desc`
- Allow ancestor_clusters_for_clusterable for group
- Re-use code already present in Project
|
|
Look for matching clusters starting from the closest ancestor, then go
up the ancestor tree.
Then use Ruby to get clusters for each group in order. Not that
efficient, considering we will doing up to `NUMBER_OF_ANCESTORS_ALLOWED`
number of queries, but it's a finite number
Explicitly order query by depth
This allows us to control ordering explicitly and also to reverse the
order which is useful to allow us to be consistent with
Clusters::Cluster.on_environment (EE) which does reverse ordering.
Puts querying group clusters behind Feature Flag. Just in case we have
issues with performance, we can easily disable this
|
|
If the service fails mid-point, then we should be able to re-run this
service. So, detect presence of any previously created Kubernetes
resource and update or create accordingly.
Fix specs accordingly. In the case of finalize_creation_service_spec.rb,
I decided to stub out the async worker rather than maintaining
individual stubs for various kubeclient calls for that worker.
|
|
Define the default value for only/except policies
See merge request gitlab-org/gitlab-ce!23531
|
|
Encrypt runners tokens
Closes #51232 and #52931
See merge request gitlab-org/gitlab-ce!23412
|
|
|
|
Currently, if a job does not have only/except policies, the policy is considered as an unspecified state, and therefore the job is executed regardless of how it's executed and which branch/tags are targetted.
Ideally, this should be specified as only: ['branches', 'tags'], as it indicates that unspecified policy jobs are meant to run on any git references.
|
|
|
|
|
|
|
|
fix/gb/encrypt-runners-tokens
* commit '83f0798e7dc588f0e4cb6816daadeef7dbfc8b81': (101 commits)
|
|
'master'"
This reverts merge request !23165
|
|
If the service fails mid-point, then we should be able to re-run this
service. So, detect presence of any previously created Kubernetes
resource and update or create accordingly.
Fix specs accordingly. In the case of finalize_creation_service_spec.rb,
I decided to stub out the async worker rather than maintaining
individual stubs for various kubeclient calls for that worker.
Also add test cases for group clusters
|
|
These changes make the code more reusable, testable, and most
importantly, overrideable.
|
|
The numbers in
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22650#note_117645395
are quite promising with that target.
|
|
This improves readability quite a bit.
|
|
|
|
|
|
|
|
|
|
A tablesample count executes in two phases:
* Estimate table sizes based on reltuples.
* Based on the estimate:
* If the table is considered 'small', execute an exact relation count.
* Otherwise, count on a sample of the table using TABLESAMPLE.
The size of the sample is chosen in a way that we always roughly scan
the same amount of rows (see TABLESAMPLE_ROW_TARGET).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Add echo so that we know which branch was taken
See merge request gitlab-org/gitlab-ce!23499
|
|
This should help debug issues like
https://gitlab.com/gitlab-org/gitlab-ce/issues/54760
|
|
Fix API::Namespaces routing to accept namepaces with dots
See merge request gitlab-org/gitlab-ce!22912
|
|
ci/config: generalize Config validation into Gitlab::Config:: module
See merge request gitlab-org/gitlab-ce!23443
|
|
Having an invalid KUBECONFIG without a token in it is not helpful. This
only became possible recently now that we are creating a separate
namespace and service account (and hence token) to send to the runners.
This led to somewhat surprising results when troubleshooting
https://gitlab.com/gitlab-org/gitlab-ce/issues/53879 as I found that the
KUBECONFIG was still being passed but KUBE_TOKEN was not. These things
really should have been linked.
Furthermore now that we are also using the [presence of KUBECONFIG to
decide whether or not to run build steps in Auto
DevOps](https://gitlab.com/gitlab-org/gitlab-ce/blob/294d15be3e9497e7b67e1f9131ce9d5c0d68406c/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml#L164)
I think it makes even more sense to ensure that KUBECONFIG is a complete
config if passed to a job.
|