From 18869e31e629f7897451f26800f9123fa412f956 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Tue, 22 Nov 2022 21:10:22 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- Gemfile | 2 +- Gemfile.checksum | 2 +- Gemfile.lock | 4 +- app/controllers/projects/blame_controller.rb | 2 +- app/controllers/projects/blob_controller.rb | 3 +- app/controllers/projects/branches_controller.rb | 2 +- app/controllers/projects/commit_controller.rb | 2 +- app/controllers/projects/commits_controller.rb | 2 +- app/controllers/projects/compare_controller.rb | 4 +- app/controllers/projects/find_file_controller.rb | 2 +- app/controllers/projects/forks_controller.rb | 4 +- app/controllers/projects/issues_controller.rb | 2 +- app/controllers/projects/network_controller.rb | 2 +- app/controllers/projects/raw_controller.rb | 4 +- app/controllers/projects/refs_controller.rb | 2 +- app/controllers/projects/tags_controller.rb | 2 +- app/controllers/projects/tree_controller.rb | 2 +- app/controllers/projects_controller.rb | 16 +------ app/helpers/web_hooks/web_hooks_helper.rb | 1 - app/models/hooks/web_hook.rb | 12 ----- app/services/web_hooks/log_execution_service.rb | 2 +- .../operational_vulnerabilities_filters.yml | 8 ---- .../development/web_hooks_disable_failed.yml | 8 ---- data/whats_new/202211220001_15_06.yml | 2 +- ..._default_for_approval_project_rules_scanners.rb | 11 +++++ db/schema_migrations/20221109160052 | 1 + db/structure.sql | 2 +- doc/user/project/integrations/webhooks.md | 15 +++---- doc/user/project/repository/branches/default.md | 19 +++++--- locale/gitlab.pot | 6 +-- .../controllers/projects/issues_controller_spec.rb | 4 +- spec/helpers/web_hooks/web_hooks_helper_spec.rb | 15 +------ spec/models/hooks/web_hook_spec.rb | 52 ---------------------- .../web_hooks/log_execution_service_spec.rb | 21 --------- 34 files changed, 62 insertions(+), 176 deletions(-) delete mode 100644 config/feature_flags/development/operational_vulnerabilities_filters.yml delete mode 100644 config/feature_flags/development/web_hooks_disable_failed.yml create mode 100644 db/post_migrate/20221109160052_add_default_for_approval_project_rules_scanners.rb create mode 100644 db/schema_migrations/20221109160052 diff --git a/Gemfile b/Gemfile index 1b8e318f30f..01874392fb7 100644 --- a/Gemfile +++ b/Gemfile @@ -15,7 +15,7 @@ gem 'bundler-checksum', '~> 0.1.0', path: 'vendor/gems/bundler-checksum', requir # https://gitlab.com/gitlab-org/gitlab/-/issues/375713 gem 'rails', '~> 6.1.6.1' -gem 'bootsnap', '~> 1.13.0', require: false +gem 'bootsnap', '~> 1.14.0', require: false # Pin openssl to match the version bundled with our supported Rubies. # See https://stdgems.org/openssl/#gem-version. diff --git a/Gemfile.checksum b/Gemfile.checksum index dc3fd6702cf..ee9dcac0206 100644 --- a/Gemfile.checksum +++ b/Gemfile.checksum @@ -57,7 +57,7 @@ {"name":"bindata","version":"2.4.11","platform":"ruby","checksum":"c38e0c99ffcd80c10a0a7ae6c8586d2fe26bf245cbefac90bec8764523220f6a"}, {"name":"binding_ninja","version":"0.2.3","platform":"java","checksum":"bbcf70b211d6e397493bf57c249bbec6aaf28fa7dafeb78e447b1b2f0610484f"}, {"name":"binding_ninja","version":"0.2.3","platform":"ruby","checksum":"4a85550a0066ee4721506b4e150857486808e50c9ddfeed04bdc896bb61eca9d"}, -{"name":"bootsnap","version":"1.13.0","platform":"ruby","checksum":"c673282ec0f48506f093ca9acefe0f666d1ab9fda716e49fb95c9fe677653e78"}, +{"name":"bootsnap","version":"1.14.0","platform":"ruby","checksum":"4c541735f628e6d6bb7284552ce14f63f75a6af238b23f43d2b07789b576de3f"}, {"name":"bootstrap_form","version":"4.2.0","platform":"ruby","checksum":"f578b3c900d2cf15fab641064d357318b29e285bd5fdf090f903727912889710"}, {"name":"browser","version":"5.3.1","platform":"ruby","checksum":"62745301701ff2c6c5d32d077bb12532b20be261929dcb52c6781ed0d5658b3c"}, {"name":"builder","version":"3.2.4","platform":"ruby","checksum":"99caf08af60c8d7f3a6b004029c4c3c0bdaebced6c949165fe98f1db27fbbc10"}, diff --git a/Gemfile.lock b/Gemfile.lock index ad0c4e08d13..7eaaee07595 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -229,7 +229,7 @@ GEM rack (>= 0.9.0) bindata (2.4.11) binding_ninja (0.2.3) - bootsnap (1.13.0) + bootsnap (1.14.0) msgpack (~> 1.2) bootstrap_form (4.2.0) actionpack (>= 5.0) @@ -1602,7 +1602,7 @@ DEPENDENCIES benchmark-ips (~> 2.3.0) benchmark-memory (~> 0.1) better_errors (~> 2.9.1) - bootsnap (~> 1.13.0) + bootsnap (~> 1.14.0) bootstrap_form (~> 4.2.0) browser (~> 5.3.1) bullet (~> 7.0.2) diff --git a/app/controllers/projects/blame_controller.rb b/app/controllers/projects/blame_controller.rb index 01ed5473b41..cfff281604e 100644 --- a/app/controllers/projects/blame_controller.rb +++ b/app/controllers/projects/blame_controller.rb @@ -7,7 +7,7 @@ class Projects::BlameController < Projects::ApplicationController before_action :require_non_empty_project before_action :assign_ref_vars - before_action :authorize_download_code! + before_action :authorize_read_code! feature_category :source_code_management urgency :low, [:show] diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb index f5188e28b81..4eda76f4f21 100644 --- a/app/controllers/projects/blob_controller.rb +++ b/app/controllers/projects/blob_controller.rb @@ -18,7 +18,8 @@ class Projects::BlobController < Projects::ApplicationController around_action :allow_gitaly_ref_name_caching, only: [:show] before_action :require_non_empty_project, except: [:new, :create] - before_action :authorize_download_code! + before_action :authorize_download_code!, except: [:show] + before_action :authorize_read_code!, only: [:show] # We need to assign the blob vars before `authorize_edit_tree!` so we can # validate access to a specific ref. diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb index 27969cb1a75..7b01e4db42a 100644 --- a/app/controllers/projects/branches_controller.rb +++ b/app/controllers/projects/branches_controller.rb @@ -6,7 +6,7 @@ class Projects::BranchesController < Projects::ApplicationController # Authorize before_action :require_non_empty_project, except: :create - before_action :authorize_download_code! + before_action :authorize_read_code! before_action :authorize_push_code!, only: [:new, :create, :destroy, :destroy_all_merged] # Support legacy URLs diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb index 870320a79d9..583b572d4b1 100644 --- a/app/controllers/projects/commit_controller.rb +++ b/app/controllers/projects/commit_controller.rb @@ -12,7 +12,7 @@ class Projects::CommitController < Projects::ApplicationController # Authorize before_action :require_non_empty_project - before_action :authorize_download_code! + before_action :authorize_read_code! before_action :authorize_read_pipeline!, only: [:pipelines] before_action :commit before_action :define_commit_vars, only: [:show, :diff_for_path, :diff_files, :pipelines, :merge_requests] diff --git a/app/controllers/projects/commits_controller.rb b/app/controllers/projects/commits_controller.rb index dd900173c40..c006d56ae81 100644 --- a/app/controllers/projects/commits_controller.rb +++ b/app/controllers/projects/commits_controller.rb @@ -12,7 +12,7 @@ class Projects::CommitsController < Projects::ApplicationController around_action :allow_gitaly_ref_name_caching before_action :require_non_empty_project before_action :assign_ref_vars, except: :commits_root - before_action :authorize_download_code! + before_action :authorize_read_code! before_action :validate_ref!, except: :commits_root before_action :set_commits, except: :commits_root diff --git a/app/controllers/projects/compare_controller.rb b/app/controllers/projects/compare_controller.rb index 61308f24412..266edd506d5 100644 --- a/app/controllers/projects/compare_controller.rb +++ b/app/controllers/projects/compare_controller.rb @@ -10,7 +10,7 @@ class Projects::CompareController < Projects::ApplicationController # Authorize before_action :require_non_empty_project - before_action :authorize_download_code! + before_action :authorize_read_code! # Defining ivars before_action :define_diffs, only: [:show, :diff_for_path] before_action :define_environment, only: [:show] @@ -95,7 +95,7 @@ class Projects::CompareController < Projects::ApplicationController target_project = target_projects(source_project).find_by_id(compare_params[:from_project_id]) # Just ignore the field if it points at a non-existent or hidden project - next source_project unless target_project && can?(current_user, :download_code, target_project) + next source_project unless target_project && can?(current_user, :read_code, target_project) target_project end diff --git a/app/controllers/projects/find_file_controller.rb b/app/controllers/projects/find_file_controller.rb index c6bc115e737..b5099d555ae 100644 --- a/app/controllers/projects/find_file_controller.rb +++ b/app/controllers/projects/find_file_controller.rb @@ -8,7 +8,7 @@ class Projects::FindFileController < Projects::ApplicationController before_action :require_non_empty_project before_action :assign_ref_vars - before_action :authorize_download_code! + before_action :authorize_read_code! feature_category :source_code_management urgency :low, [:show, :list] diff --git a/app/controllers/projects/forks_controller.rb b/app/controllers/projects/forks_controller.rb index 3208a5076e7..ff3dc71b6cc 100644 --- a/app/controllers/projects/forks_controller.rb +++ b/app/controllers/projects/forks_controller.rb @@ -9,9 +9,9 @@ class Projects::ForksController < Projects::ApplicationController # Authorize before_action :disable_query_limiting, only: [:create] before_action :require_non_empty_project - before_action :authorize_download_code! + before_action :authorize_read_code! before_action :authenticate_user!, only: [:new, :create] - before_action :authorize_fork_project!, only: [:new, :create] + before_action :authorize_fork_project!, except: [:index] before_action :authorize_fork_namespace!, only: [:create] feature_category :source_code_management diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb index beb5584c3f4..5a1783ea53d 100644 --- a/app/controllers/projects/issues_controller.rb +++ b/app/controllers/projects/issues_controller.rb @@ -37,7 +37,7 @@ class Projects::IssuesController < Projects::ApplicationController before_action :authorize_create_merge_request_from!, only: [:create_merge_request] before_action :authorize_import_issues!, only: [:import_csv] - before_action :authorize_download_code!, only: [:related_branches] + before_action :authorize_read_code!, only: [:related_branches] before_action do push_frontend_feature_flag(:preserve_unchanged_markdown, project) diff --git a/app/controllers/projects/network_controller.rb b/app/controllers/projects/network_controller.rb index 84ac9fb01fd..a85875b8983 100644 --- a/app/controllers/projects/network_controller.rb +++ b/app/controllers/projects/network_controller.rb @@ -6,7 +6,7 @@ class Projects::NetworkController < Projects::ApplicationController before_action :require_non_empty_project before_action :assign_ref_vars - before_action :authorize_download_code! + before_action :authorize_read_code! before_action :assign_options before_action :assign_commit diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb index 9707b70f26f..924de0ee7ea 100644 --- a/app/controllers/projects/raw_controller.rb +++ b/app/controllers/projects/raw_controller.rb @@ -12,7 +12,7 @@ class Projects::RawController < Projects::ApplicationController before_action :set_ref_and_path before_action :require_non_empty_project - before_action :authorize_download_code! + before_action :authorize_read_code! before_action :check_show_rate_limit!, only: [:show], unless: :external_storage_request? before_action :redirect_to_external_storage, only: :show, if: :static_objects_external_storage_enabled? @@ -21,7 +21,7 @@ class Projects::RawController < Projects::ApplicationController def show @blob = @repository.blob_at(@ref, @path, limit: Gitlab::Git::Blob::LFS_POINTER_MAX_SIZE) - send_blob(@repository, @blob, inline: (params[:inline] != 'false'), allow_caching: Guest.can?(:download_code, @project)) + send_blob(@repository, @blob, inline: (params[:inline] != 'false'), allow_caching: Guest.can?(:read_code, @project)) end private diff --git a/app/controllers/projects/refs_controller.rb b/app/controllers/projects/refs_controller.rb index 05fe34ceb5b..4ba856149b5 100644 --- a/app/controllers/projects/refs_controller.rb +++ b/app/controllers/projects/refs_controller.rb @@ -9,7 +9,7 @@ class Projects::RefsController < Projects::ApplicationController before_action :require_non_empty_project before_action :validate_ref_id before_action :assign_ref_vars - before_action :authorize_download_code! + before_action :authorize_read_code! feature_category :source_code_management urgency :low, [:switch, :logs_tree] diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb index 847b1baca10..3c1735c728c 100644 --- a/app/controllers/projects/tags_controller.rb +++ b/app/controllers/projects/tags_controller.rb @@ -7,7 +7,7 @@ class Projects::TagsController < Projects::ApplicationController # Authorize before_action :require_non_empty_project - before_action :authorize_download_code! + before_action :authorize_read_code! before_action :authorize_admin_tag!, only: [:new, :create, :destroy] feature_category :source_code_management diff --git a/app/controllers/projects/tree_controller.rb b/app/controllers/projects/tree_controller.rb index fea2689db14..ce1b9af648f 100644 --- a/app/controllers/projects/tree_controller.rb +++ b/app/controllers/projects/tree_controller.rb @@ -13,7 +13,7 @@ class Projects::TreeController < Projects::ApplicationController before_action :require_non_empty_project, except: [:new, :create] before_action :assign_ref_vars before_action :assign_dir_vars, only: [:create_dir] - before_action :authorize_download_code! + before_action :authorize_read_code! before_action :authorize_edit_tree!, only: [:create_dir] before_action do diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index a5dacbf7f2f..c705122818a 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -26,7 +26,7 @@ class ProjectsController < Projects::ApplicationController before_action :verify_git_import_enabled, only: [:create] before_action :project_export_enabled, only: [:export, :download_export, :remove_export, :generate_new_export] before_action :present_project, only: [:edit] - before_action :authorize_download_code!, only: [:refs] + before_action :authorize_read_code!, only: [:refs] # Authorize before_action :authorize_admin_project!, only: [:edit, :update, :housekeeping, :download_export, :export, :remove_export, :generate_new_export] @@ -369,7 +369,7 @@ class ProjectsController < Projects::ApplicationController def render_landing_page Gitlab::Tracking.event('project_overview', 'render', user: current_user, project: @project.project) - if can?(current_user, :download_code, @project) + if can?(current_user, :read_code, @project) return render 'projects/no_repo' unless @project.repository_exists? render 'projects/empty' if @project.empty_repo? @@ -520,14 +520,6 @@ class ProjectsController < Projects::ApplicationController false end - def project_view_files? - if current_user - current_user.project_view == 'files' - else - project_view_files_allowed? - end - end - # Override extract_ref from ExtractsPath, which returns the branch and file path # for the blob/tree, which in this case is just the root of the default branch. # This way we avoid to access the repository.ref_names. @@ -540,10 +532,6 @@ class ProjectsController < Projects::ApplicationController project.repository.root_ref end - def project_view_files_allowed? - !project.empty_repo? && can?(current_user, :download_code, project) - end - def build_canonical_path(project) params[:namespace_id] = project.namespace.to_param params[:id] = project.to_param diff --git a/app/helpers/web_hooks/web_hooks_helper.rb b/app/helpers/web_hooks/web_hooks_helper.rb index e95b90c69ef..2d74b008e10 100644 --- a/app/helpers/web_hooks/web_hooks_helper.rb +++ b/app/helpers/web_hooks/web_hooks_helper.rb @@ -8,7 +8,6 @@ module WebHooks return false if project_hook_page? return false unless current_user return false unless Feature.enabled?(:webhooks_failed_callout, project) - return false unless Feature.enabled?(:web_hooks_disable_failed, project) return false unless Ability.allowed?(current_user, :read_web_hooks, project) # Assumes include of Users::CalloutsHelper diff --git a/app/models/hooks/web_hook.rb b/app/models/hooks/web_hook.rb index 05e50c17988..e57f664f199 100644 --- a/app/models/hooks/web_hook.rb +++ b/app/models/hooks/web_hook.rb @@ -57,8 +57,6 @@ class WebHook < ApplicationRecord }, _prefix: true scope :executable, -> do - next all unless Feature.enabled?(:web_hooks_disable_failed) - where('recent_failures <= ? AND (disabled_until IS NULL OR disabled_until < ?)', FAILURE_THRESHOLD, Time.current) end @@ -67,23 +65,17 @@ class WebHook < ApplicationRecord where('recent_failures > ? OR disabled_until >= ?', FAILURE_THRESHOLD, Time.current) end - def self.web_hooks_disable_failed?(hook) - Feature.enabled?(:web_hooks_disable_failed, hook.parent) - end - def executable? !temporarily_disabled? && !permanently_disabled? end def temporarily_disabled? - return false unless web_hooks_disable_failed? return false if recent_failures <= FAILURE_THRESHOLD disabled_until.present? && disabled_until >= Time.current end def permanently_disabled? - return false unless web_hooks_disable_failed? return false if disabled_until.present? recent_failures > FAILURE_THRESHOLD @@ -226,10 +218,6 @@ class WebHook < ApplicationRecord backoff_count.succ.clamp(1, MAX_FAILURES) end - def web_hooks_disable_failed? - self.class.web_hooks_disable_failed?(self) - end - def initialize_url_variables self.url_variables = {} if encrypted_url_variables.nil? end diff --git a/app/services/web_hooks/log_execution_service.rb b/app/services/web_hooks/log_execution_service.rb index 1a40c877bda..5be8aee3ae8 100644 --- a/app/services/web_hooks/log_execution_service.rb +++ b/app/services/web_hooks/log_execution_service.rb @@ -17,7 +17,7 @@ module WebHooks end def execute - update_hook_failure_state if WebHook.web_hooks_disable_failed?(hook) + update_hook_failure_state log_execution end diff --git a/config/feature_flags/development/operational_vulnerabilities_filters.yml b/config/feature_flags/development/operational_vulnerabilities_filters.yml deleted file mode 100644 index 93206935a94..00000000000 --- a/config/feature_flags/development/operational_vulnerabilities_filters.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: operational_vulnerabilities_filters -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/90845 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/365986 -milestone: '15.2' -type: development -group: group::container security -default_enabled: true diff --git a/config/feature_flags/development/web_hooks_disable_failed.yml b/config/feature_flags/development/web_hooks_disable_failed.yml deleted file mode 100644 index 3a7c85edafc..00000000000 --- a/config/feature_flags/development/web_hooks_disable_failed.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: web_hooks_disable_failed -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60837 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/329849 -milestone: '13.12' -type: development -group: group::integrations -default_enabled: false diff --git a/data/whats_new/202211220001_15_06.yml b/data/whats_new/202211220001_15_06.yml index b20f72c6149..e966305abf0 100644 --- a/data/whats_new/202211220001_15_06.yml +++ b/data/whats_new/202211220001_15_06.yml @@ -10,7 +10,7 @@ gitlab-com: true available_in: [Ultimate] documentation_link: 'https://docs.gitlab.com/ee/user/application_security/policies/scan-result-policies.html' - image_url: 'https://www.youtube-nocookie.com/embed/jfbNo5IE-2s' + image_url: 'https://img.youtube.com/vi/jfbNo5IE-2s/hqdefault.jpg' published_at: 2022-11-22 release: 15.6 - name: "Git abuse rate limiting" diff --git a/db/post_migrate/20221109160052_add_default_for_approval_project_rules_scanners.rb b/db/post_migrate/20221109160052_add_default_for_approval_project_rules_scanners.rb new file mode 100644 index 00000000000..a527bf4b2ef --- /dev/null +++ b/db/post_migrate/20221109160052_add_default_for_approval_project_rules_scanners.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +class AddDefaultForApprovalProjectRulesScanners < Gitlab::Database::Migration[2.0] + def up + change_column_default :approval_project_rules, :scanners, from: nil, to: [] + end + + def down + change_column_default :approval_project_rules, :scanners, from: [], to: nil + end +end diff --git a/db/schema_migrations/20221109160052 b/db/schema_migrations/20221109160052 new file mode 100644 index 00000000000..33d71913115 --- /dev/null +++ b/db/schema_migrations/20221109160052 @@ -0,0 +1 @@ +4567d064918a67787a8d08a18b2747f2e6c1ef43a4bc1471a4bb2a881c66f49d \ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 75bb0ba8684..cea87769336 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -11727,7 +11727,7 @@ CREATE TABLE approval_project_rules ( approvals_required smallint DEFAULT 0 NOT NULL, name character varying NOT NULL, rule_type smallint DEFAULT 0 NOT NULL, - scanners text[], + scanners text[] DEFAULT '{}'::text[], vulnerabilities_allowed smallint DEFAULT 0 NOT NULL, severity_levels text[] DEFAULT '{}'::text[] NOT NULL, report_type smallint, diff --git a/doc/user/project/integrations/webhooks.md b/doc/user/project/integrations/webhooks.md index be8b4cfed01..5819878d728 100644 --- a/doc/user/project/integrations/webhooks.md +++ b/doc/user/project/integrations/webhooks.md @@ -121,13 +121,9 @@ Endpoints should follow these best practices: ### Failing webhooks -> Introduced in GitLab 13.12 [with a flag](../../../administration/feature_flags.md) named `web_hooks_disable_failed`. Disabled by default. - -FLAG: -On self-managed GitLab, by default this feature is not available. To make it available, -ask an administrator to [enable the feature flag](../../../administration/feature_flags.md) named `web_hooks_disable_failed`. -On GitLab.com, this feature is not available. -The feature is not ready for production use. +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60837) in GitLab 13.12 [with a flag](../../../administration/feature_flags.md) named `web_hooks_disable_failed`. Disabled by default. +> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/329849) in GitLab 15.7. +> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/329849) in GitLab 15.7. Feature flag `web_hooks_disable_failed` removed. If a webhook fails repeatedly, it may be disabled automatically. @@ -335,12 +331,11 @@ GitLab expects a response in [10 seconds](../../../user/gitlab_com/index.md#othe ### Re-enable disabled webhooks -> - Introduced in GitLab 15.2 [with a flag](../../../administration/feature_flags.md) named `webhooks_failed_callout`. Disabled by default. -> - The [`web_hooks_disable_failed` flag](#failing-webhooks) must also be enabled for this feature to work. Disabled by default. +> Introduced in GitLab 15.2 [with a flag](../../../administration/feature_flags.md) named `webhooks_failed_callout`. Disabled by default. FLAG: On self-managed GitLab, by default this feature is not available. To make it available, -ask an administrator to [enable the feature flags](../../../administration/feature_flags.md) named `webhooks_failed_callout` and `web_hooks_disable_failed`. +ask an administrator to [enable the feature flag](../../../administration/feature_flags.md) named `webhooks_failed_callout`. On GitLab.com, this feature is not available. The feature is not ready for production use. diff --git a/doc/user/project/repository/branches/default.md b/doc/user/project/repository/branches/default.md index f708e62e634..87caeee73e3 100644 --- a/doc/user/project/repository/branches/default.md +++ b/doc/user/project/repository/branches/default.md @@ -36,11 +36,15 @@ the [Git commands you need](#update-the-default-branch-name-in-your-repository) ## Change the default branch name for a project -To update the default branch name for an individual [project](../../index.md): +Prerequisites: -1. Sign in to GitLab with at least the Maintainer role. +- You have the Owner or Maintainer role in the project. + +To update the default branch for an individual [project](../../index.md): + +1. On the top bar, select **Main menu > Projects** and find your project. 1. In the left navigation menu, go to **Settings > Repository**. -1. Expand **Default branch**, and select a new default branch. +1. Expand **Default branch**. For **Initial default branch name**, select a new default branch. 1. Optional. Select the **Auto-close referenced issues on default branch** checkbox to close issues when a merge request [uses a closing pattern](../../issues/managing_issues.md#closing-issues-automatically). @@ -66,8 +70,8 @@ groups and subgroups can override this instance-wide setting for their projects. 1. On the top bar, select **Main menu > Admin**. 1. On the left sidebar, select **Settings > Repository**. -1. Expand **Default initial branch name**. -1. Change the default initial branch to a custom name of your choice. +1. Expand **Default branch**. +1. For **Initial default branch name**, select a new default branch. 1. Select **Save changes**. Projects created on this instance after you change the setting use the @@ -80,9 +84,10 @@ overrides it. Users with the Owner role of groups and subgroups can configure the default branch name for a group: -1. Go to the group **Settings > Repository**. +1. On the top bar, select **Main menu > Group** and find your group. +1. On the left sidebar, select **Settings > Repository**. 1. Expand **Default branch**. -1. Change the default initial branch to a custom name of your choice. +1. For **Initial default branch name**, select a new default branch. 1. Select **Save changes**. Projects created in this group after you change the setting use the custom branch name, diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 183a0540c72..95ac10704e2 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -44089,16 +44089,16 @@ msgstr "" msgid "UsageQuota|Wiki content." msgstr "" -msgid "UsageQuota|You have consumed all of your additional storage, please purchase more to unlock your projects over the free %{actualRepositorySizeLimit} limit." +msgid "UsageQuota|You have consumed all of your additional storage. Purchase more to unlock your projects over the free %{actualRepositorySizeLimit} limit." msgstr "" -msgid "UsageQuota|You have reached the free storage limit of %{actualRepositorySizeLimit} on %{projectsLockedText}. To unlock them, please purchase additional storage." +msgid "UsageQuota|You have reached the free storage limit of %{actualRepositorySizeLimit} on %{projectsLockedText}. To unlock them, purchase additional storage." msgstr "" msgid "UsageQuota|You used: %{usage} %{limit}" msgstr "" -msgid "UsageQuota|Your purchased storage is running low. To avoid locked projects, please purchase more storage." +msgid "UsageQuota|Your purchased storage is running low. To avoid locked projects, purchase more storage." msgstr "" msgid "UsageQuota|out of %{formattedLimit} of your namespace storage" diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb index 8f26be442a7..a7996c5266c 100644 --- a/spec/controllers/projects/issues_controller_spec.rb +++ b/spec/controllers/projects/issues_controller_spec.rb @@ -366,10 +366,10 @@ RSpec.describe Projects::IssuesController do } end - context 'the current user cannot download code' do + context 'the current user cannot read code' do it 'prevents access' do allow(controller).to receive(:can?).with(any_args).and_return(true) - allow(controller).to receive(:can?).with(user, :download_code, project).and_return(false) + allow(controller).to receive(:can?).with(user, :read_code, project).and_return(false) subject diff --git a/spec/helpers/web_hooks/web_hooks_helper_spec.rb b/spec/helpers/web_hooks/web_hooks_helper_spec.rb index 473f33a982f..d0ae898ad1d 100644 --- a/spec/helpers/web_hooks/web_hooks_helper_spec.rb +++ b/spec/helpers/web_hooks/web_hooks_helper_spec.rb @@ -7,7 +7,6 @@ RSpec.describe WebHooks::WebHooksHelper do let(:current_user) { nil } let(:callout_dismissed) { false } - let(:web_hooks_disable_failed) { false } let(:webhooks_failed_callout) { false } before do @@ -15,8 +14,7 @@ RSpec.describe WebHooks::WebHooksHelper do allow(helper).to receive(:web_hook_disabled_dismissed?).with(project).and_return(callout_dismissed) stub_feature_flags( - webhooks_failed_callout: webhooks_failed_callout, - web_hooks_disable_failed: web_hooks_disable_failed + webhooks_failed_callout: webhooks_failed_callout ) end @@ -32,14 +30,6 @@ RSpec.describe WebHooks::WebHooksHelper do let(:webhooks_failed_callout) { project } end - shared_context 'web_hooks_disable_failed is enabled' do - let(:web_hooks_disable_failed) { true } - end - - shared_context 'web_hooks_disable_failed is enabled for this project' do - let(:web_hooks_disable_failed) { project } - end - shared_context 'the user has permission' do before do project.add_maintainer(current_user) @@ -60,7 +50,6 @@ RSpec.describe WebHooks::WebHooksHelper do context 'all conditions are met' do include_context 'user is logged in' include_context 'webhooks_failed_callout is enabled' - include_context 'web_hooks_disable_failed is enabled' include_context 'the user has permission' include_context 'a hook has failed' @@ -88,7 +77,6 @@ RSpec.describe WebHooks::WebHooksHelper do context 'all conditions are met, project scoped flags' do include_context 'user is logged in' include_context 'webhooks_failed_callout is enabled for this project' - include_context 'web_hooks_disable_failed is enabled for this project' include_context 'the user has permission' include_context 'a hook has failed' @@ -101,7 +89,6 @@ RSpec.describe WebHooks::WebHooksHelper do contexts = [ 'user is logged in', 'webhooks_failed_callout is enabled', - 'web_hooks_disable_failed is enabled', 'the user has permission', 'a hook has failed' ] diff --git a/spec/models/hooks/web_hook_spec.rb b/spec/models/hooks/web_hook_spec.rb index db854670cc3..8853658df2c 100644 --- a/spec/models/hooks/web_hook_spec.rb +++ b/spec/models/hooks/web_hook_spec.rb @@ -207,16 +207,6 @@ RSpec.describe WebHook do it { is_expected.to contain_exactly(:token, :url, :url_variables) } end - describe '.web_hooks_disable_failed?' do - it 'returns true when feature is enabled for parent' do - second_hook = build(:project_hook) - stub_feature_flags(web_hooks_disable_failed: [false, second_hook.project]) - - expect(described_class.web_hooks_disable_failed?(hook)).to eq(false) - expect(described_class.web_hooks_disable_failed?(second_hook)).to eq(true) - end - end - describe 'execute' do let(:data) { { key: 'value' } } let(:hook_name) { 'project hook' } @@ -297,16 +287,6 @@ RSpec.describe WebHook do expect(described_class.where(project_id: project.id).executable).to match_array executables expect(described_class.where(project_id: project.id).disabled).to match_array not_executable end - - context 'when the feature flag is not enabled' do - before do - stub_feature_flags(web_hooks_disable_failed: false) - end - - specify 'enabled is the same as all' do - expect(described_class.where(project_id: project.id).executable).to match_array(executables + not_executable) - end - end end describe '#executable?' do @@ -354,26 +334,6 @@ RSpec.describe WebHook do it 'has the correct state' do expect(web_hook.executable?).to eq(executable) end - - context 'when the feature flag is enabled for a project' do - before do - stub_feature_flags(web_hooks_disable_failed: project) - end - - it 'has the expected value' do - expect(web_hook.executable?).to eq(executable) - end - end - - context 'when the feature flag is not enabled' do - before do - stub_feature_flags(web_hooks_disable_failed: false) - end - - it 'is executable' do - expect(web_hook).to be_executable - end - end end end @@ -613,12 +573,6 @@ RSpec.describe WebHook do it 'is true' do expect(hook).to be_temporarily_disabled end - - it 'is false when `web_hooks_disable_failed` flag is disabled' do - stub_feature_flags(web_hooks_disable_failed: false) - - expect(hook).not_to be_temporarily_disabled - end end end @@ -635,12 +589,6 @@ RSpec.describe WebHook do it 'is true' do expect(hook).to be_permanently_disabled end - - it 'is false when `web_hooks_disable_failed` flag is disabled' do - stub_feature_flags(web_hooks_disable_failed: false) - - expect(hook).not_to be_permanently_disabled - end end end diff --git a/spec/services/web_hooks/log_execution_service_spec.rb b/spec/services/web_hooks/log_execution_service_spec.rb index 1b8ff9f2a05..ef251e30bb2 100644 --- a/spec/services/web_hooks/log_execution_service_spec.rb +++ b/spec/services/web_hooks/log_execution_service_spec.rb @@ -41,14 +41,6 @@ RSpec.describe WebHooks::LogExecutionService do service.execute end - it 'does not update the last failure when the feature flag is disabled' do - stub_feature_flags(web_hooks_disable_failed: false) - - expect(project_hook).not_to receive(:update_last_failure) - - service.execute - end - context 'obtaining an exclusive lease' do let(:lease_key) { "web_hooks:update_hook_failure_state:#{project_hook.id}" } @@ -135,19 +127,6 @@ RSpec.describe WebHooks::LogExecutionService do expect { service.execute }.not_to change(project_hook, :recent_failures) end - - context 'when the web_hooks_disable_failed FF is disabled' do - before do - # Hook will only be executed if the flag is disabled. - stub_feature_flags(web_hooks_disable_failed: false) - end - - it 'does not allow the failure count to overflow' do - project_hook.update!(recent_failures: 32767) - - expect { service.execute }.not_to change(project_hook, :recent_failures) - end - end end context 'when response_category is :error' do -- cgit v1.2.3