Age | Commit message | Author |
|
Add support for Content-Security-Policy
Closes #65330
See merge request gitlab-org/gitlab-ce!31402
|
|
Kubernetes deployments on new clusters will now have
a separate namespace per project environment, instead
of sharing a single namespace for the project.
Behaviour of existing clusters is unchanged.
All new functionality is controlled by the
:kubernetes_namespace_per_environment feature flag,
which is safe to enable/disable at any time.
|
|
- Closes #60024
- Change PrometheusClient.new to accept a base url instead of an
already created RestClient
- Use Gitlab::HTTP in PrometheusClient instead of creating RestClient
in PrometheusService
- Move http_options from PrometheusService to
PrometheusClient (follow_redirects: false)
- ensure that base urls don't have the trailing slash
- Created a `PrometheusClient#url` method that might not be strictly
required
- Change rescued exceptions from RestClient::* to
HTTParty::ResponseError where possible and StandardError for the
rest
|
|
A nonce-based Content-Security-Policy thwarts XSS attacks by allowing
inline JavaScript to execute if the script nonce matches the header
value. Rails 5.2 supports nonce-based Content-Security-Policy headers,
so provide configuration to enable this and make it work.
To support this, we need to change all `:javascript` HAML filters to the
following form:
```
= javascript_tag nonce: true do
  :plain
    ...
```
We use `%script` throughout our HAML to store JSON and other text, but
since this doesn't execute, browsers don't appear to block this content
from being used and require the nonce value to be present.
|
|
Support selective highlighting of lines
See merge request gitlab-org/gitlab-ce!31361
|
|
Make issue boards importable
See merge request gitlab-org/gitlab-ce!31434
|
|
Instead of highlighting all lines when not all of them are
needed, only highlight specific lines.
The `BlobPresenter#highlight` method has been updated to
support `since` and `to` params. These params will be used to
limit the content to be highlighted.
Modify `Gitlab::Highlight` to support `since` param which will
then be used to determine the starting line number.
|
|
Add project path to sql query to build proper path
|
|
API endpoints for requesting container repositories
and container repositories with their tag information
are enabled for users that want to specify the group
containing the repository rather than the specific project.
|
|
Only track Redis calls if Peek is enabled
See merge request gitlab-org/gitlab-ce!31438
|
|
Add missing timezone when copying legacy artifacts (ci_builds)
See merge request gitlab-org/gitlab-ce!31447
|
|
- Added space to li definition
- Remove milestone from import_export.yml
|
|
Add outbound setting for system hooks
See merge request gitlab-org/gitlab-ce!31177
|
|
Increase clair scanner from v11 to v12
See merge request gitlab-org/gitlab-ce!30809
|
|
- ci_builds.artifacts_expire_at are copied to
ci_job_artifacts.expire_at with incorrect timestamps when the
database timezone is NOT utc
- ci_builds.artifacts_expire_at is `timestamp without time zone` and
ci_job_artifacts.expire_at is `timestamp with time zone` on
postgresql
- Tests fail locally for `rspec
./spec/lib/gitlab/import_export/import_export_spec.rb` without this
change
|
|
In dev environments, Sidekiq was encountering the message:
Circular dependency detected while autoloading constant Gitlab::Profiler
This saves some overhead during normal usage.
|
|
- Added Importable to models/list.rb
- Did unless: :importable? on board validation
- Created changelog
- Modified haml to show issue boards are importable
- Added needed spec tests
- Modified project.json to include board information
- Added relevant models to all_models
- Added relevant models to import_export
- Added relevant models to safe_model_attributes
|
|
Also creates specs
Only allow Helm to be uninstalled if it's the only app
- Remove Tiller leftovers after reset command
- Fixes specs and offenses
Adds changelog file
Fix reset_command specs
|
|
Make `needs:` to require a strong reference
Closes #65512
See merge request gitlab-org/gitlab-ce!31419
|
|
This changes `needs:` from weak reference
to have a strong reference.
This means that job will not be created
unless all needs are present as part of
a pipeline.
|
|
'master'
Resolve "Breakage in displaying SVG in the same repository"
See merge request gitlab-org/gitlab-ce!31352
|
|
`allow_local_requests_for_hooks_and_services` was renamed to
`allow_local_requests_for_web_hooks_and_services`.
|
|
Simplify SystemHookUrlValidator to inherit from PublicUrlValidator
Refactor specs to move out shared examples to be used in both
system hooks and public url validators.
|
|
This MR adds new application setting to network section
`allow_local_requests_from_system_hooks`. Prior to this change
system hooks were allowed to do local network requests by default
and we are adding an ability for admins to control it.
|
|
Currently we write out empty CSS classes (`class=""`) every time we
create a new tag. This adds 9 unnecessary bytes per span element. In a
recent trace, I have counted 11950 span elements. So we transported 105
unnecessary kilobytes!
|
|
Previously, both InfluxSampler and RubySampler were relying on the
`GC::Profiler.total_time` data which is the sum over the list
of captured GC events. Also, both samplers asynchronously called
`GC::Profiler.clear` which led to incorrect metric data because
each sampler has the wrong assumption it is the only object who calls
`GC::Profiler.clear` and thus could rely on the gathered results between
such calls.
We should ensure that `GC::Profiler.total_time` is called only in one
place making it possible to rely on accumulated data between such wipes.
Also, we need to track the amount of profiler reports we lost.
|
|
Changes * to + to be more precise with acceptable branch names
|
|
Changes generated URL to raw instead of blob
|
|
Use NotesFinder to fetch notes on API and Controllers
Closes #52123
See merge request gitlab-org/gitlab-ce!31300
|
|
Add exclusive lease to mergeability check process
See merge request gitlab-org/gitlab-ce!31082
|
|
This implements the support for `needs:` keyword
as part of GitLab CI. That makes some of the jobs
to be run out of order.
|
|
Add additional paths to clean from backtrace
See merge request gitlab-org/gitlab-ce!31363
|
|
Fix SystemStackError when Peek bar is active with Rugged calls
Closes #65404
See merge request gitlab-org/gitlab-ce!31357
|
|
Remove project from NotesFinder constructor
Add project parameter to specs
Also look for methods in private scope
Fix specs to match new NotesFinder constructor
|
|
`Gitlab::Profiler` can also be used to profile Sidekiq jobs.
Add some call traces that can be omitted from the backtrace.
|
|
Add Feature.remove
Closes #65363
See merge request gitlab-org/gitlab-ce!31315
|
|
Concurrent calls to UserMergeToRef RPC updating a single ref
can lead to an opaque fail that is being rescued at Gitaly.
So this commit adds an exclusive lease to the mergeability
check process with the key as the current MR ID.
|
|
Peek attempts to serialize results with `to_json`, which calls
`ActiveSupport::JSON`. If an object is passed to `to_json` that contains
instance variables, `ActiveSupport` will attempt to recursively traverse
all variables.
The problem is that we can get into an infinite loop if the instance
references an instance that references something else that points
back to the same instance.
To avoid this mess, we just call `to_s` on the object. It appears only
`Gitlab::Git::Repository` and `::Repository` are the culprits here.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/65404
|
|
Add project scope to live trace feature flag
See merge request gitlab-org/gitlab-ce!31325
|
|
Fix sidekiq memory killer warning message
Closes gitlab-com/gl-infra/infrastructure#7371
See merge request gitlab-org/gitlab-ce!31264
|
|
undefined in prior stages
|
|
- After uninstalling the knative helm chart it's necessary to also
remove some leftover resources to allow the cluster to be clean
and knative to be reinstallable.
- Adds knative uninstall disclaimer
- Uninstall ksvc before uninstalling knative
Make list of Knative and Ingress resources explicit
- To avoid deleting unwanted resources we are listing exactly
which resources will be deleted rather than simply deleting any
resource that contains istio or knative words.
|