From 286bddcf3c62ca6fc499e1d5b6e678c0866fecc4 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Tue, 30 May 2023 06:09:21 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- .rubocop_todo/gitlab/strong_memoize_attr.yml | 10 -- GITLAB_KAS_VERSION | 2 +- app/models/packages/go/module.rb | 3 +- app/models/packages/go/module_version.rb | 46 +++++---- app/models/packages/package.rb | 5 +- app/presenters/packages/conan/package_presenter.rb | 5 +- .../packages/nuget/packages_metadata_presenter.rb | 7 +- .../packages/nuget/search_results_presenter.rb | 35 ++++--- doc/administration/geo/setup/index.md | 4 +- doc/api/integrations.md | 1 + doc/user/application_security/sast/index.md | 2 +- doc/user/group/manage.md | 6 +- lib/api/helpers/packages/basic_auth_helpers.rb | 13 ++- lib/api/helpers/packages/conan/api_helpers.rb | 45 ++++----- lib/api/helpers/packages/npm.rb | 103 ++++++++++----------- lib/api/helpers/packages_helpers.rb | 18 ++-- spec/models/packages/go/module_version_spec.rb | 27 +++++- 17 files changed, 166 insertions(+), 166 deletions(-) diff --git a/.rubocop_todo/gitlab/strong_memoize_attr.yml b/.rubocop_todo/gitlab/strong_memoize_attr.yml index 4274e59a2a9..4e220f22800 100644 --- a/.rubocop_todo/gitlab/strong_memoize_attr.yml +++ b/.rubocop_todo/gitlab/strong_memoize_attr.yml @@ -127,9 +127,6 @@ Gitlab/StrongMemoizeAttr: - 'app/models/namespaces/traversal/linear.rb' - 'app/models/namespaces/traversal/recursive.rb' - 'app/models/note.rb' - - 'app/models/packages/go/module.rb' - - 'app/models/packages/go/module_version.rb' - - 'app/models/packages/package.rb' - 'app/models/pages/lookup_path.rb' - 'app/models/project.rb' - 'app/models/release.rb' 
@@ -151,9 +148,6 @@ Gitlab/StrongMemoizeAttr: - 'app/presenters/ci/pipeline_presenter.rb' - 'app/presenters/clusters/cluster_presenter.rb' - 'app/presenters/merge_request_presenter.rb' - - 'app/presenters/packages/conan/package_presenter.rb' - - 'app/presenters/packages/nuget/packages_metadata_presenter.rb' - - 'app/presenters/packages/nuget/search_results_presenter.rb' - 'app/presenters/project_presenter.rb' - 'app/presenters/projects/settings/deploy_keys_presenter.rb' - 'app/serializers/ci/pipeline_entity.rb' @@ -509,10 +503,6 @@ Gitlab/StrongMemoizeAttr: - 'lib/api/container_repositories.rb' - 'lib/api/entities/basic_project_details.rb' - 'lib/api/helpers/authentication.rb' - - 'lib/api/helpers/packages/basic_auth_helpers.rb' - - 'lib/api/helpers/packages/conan/api_helpers.rb' - - 'lib/api/helpers/packages/npm.rb' - - 'lib/api/helpers/packages_helpers.rb' - 'lib/api/terraform/modules/v1/packages.rb' - 'lib/api/unleash.rb' - 'lib/atlassian/jira_connect/jwt/asymmetric.rb' diff --git a/GITLAB_KAS_VERSION b/GITLAB_KAS_VERSION index e2edcba56ca..3c95b26926d 100644 --- a/GITLAB_KAS_VERSION +++ b/GITLAB_KAS_VERSION @@ -1 +1 @@ -v16.0.1 +v16.1.0 diff --git a/app/models/packages/go/module.rb b/app/models/packages/go/module.rb index a029437c82d..958658e68c1 100644 --- a/app/models/packages/go/module.rb +++ b/app/models/packages/go/module.rb @@ -14,8 +14,9 @@ module Packages end def versions - strong_memoize(:versions) { Packages::Go::VersionFinder.new(self).execute } + Packages::Go::VersionFinder.new(self).execute end + strong_memoize_attr :versions def version_by(ref: nil, commit: nil) raise ArgumentError, 'no filter specified' unless ref || commit diff --git a/app/models/packages/go/module_version.rb b/app/models/packages/go/module_version.rb index 5869a03e081..17b97151f29 100644 --- a/app/models/packages/go/module_version.rb +++ b/app/models/packages/go/module_version.rb 
@@ -46,16 +46,15 @@ module Packages end def gomod - strong_memoize(:gomod) do - if strong_memoized?(:blobs) - blob_at(@mod.path + '/go.mod') - elsif @mod.path.empty? - @mod.project.repository.blob_at(@commit.sha, 'go.mod')&.data - else - @mod.project.repository.blob_at(@commit.sha, @mod.path + '/go.mod')&.data - end + if strong_memoized?(:blobs) + blob_at(@mod.path + '/go.mod') + elsif @mod.path.empty? + @mod.project.repository.blob_at(@commit.sha, 'go.mod')&.data + else + @mod.project.repository.blob_at(@commit.sha, @mod.path + '/go.mod')&.data end end + strong_memoize_attr :gomod def archive suffix_len = @mod.path == '' ? 0 : @mod.path.length + 1 @@ -69,18 +68,16 @@ module Packages end def files - strong_memoize(:files) do - ls_tree.filter { |e| !excluded.any? { |n| e.start_with? n } } - end + ls_tree.filter { |e| !excluded.any? { |n| e.start_with? n } } end + strong_memoize_attr :files def excluded - strong_memoize(:excluded) do - ls_tree + ls_tree .filter { |f| f.end_with?('/go.mod') && f != @mod.path + '/go.mod' } .map { |f| f[0..-7] } - end end + strong_memoize_attr :excluded def valid? # assume the module version is valid if a corresponding Package exists @@ -100,21 +97,20 @@ module Packages end def blobs - strong_memoize(:blobs) { @mod.project.repository.batch_blobs(files.map { |x| [@commit.sha, x] }) } + @mod.project.repository.batch_blobs(files.map { |x| [@commit.sha, x] }) end + strong_memoize_attr :blobs def ls_tree - strong_memoize(:ls_tree) do - path = - if @mod.path.empty? - '.' - else - @mod.path - end - - @mod.project.repository.gitaly_repository_client.search_files_by_name(@commit.sha, path) - end + path = if @mod.path.empty? + '.' + else + @mod.path + end + + @mod.project.repository.gitaly_repository_client.search_files_by_name(@commit.sha, path) end + strong_memoize_attr :ls_tree end end end diff --git a/app/models/packages/package.rb b/app/models/packages/package.rb index 56ab09459ad..f1044f865aa 100644 --- a/app/models/packages/package.rb 
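Review bot: In `gomod`, the `strong_memoized?(:blobs)` branch builds its path as `@mod.path + '/go.mod'` even when `@mod.path` is empty, while the uncached branch special-cases the empty path and asks for `'go.mod'`. `blob_at` is defined outside this hunk, so whether it tolerates the leading slash cannot be confirmed from here; the 'with cached blobs' spec added in this commit appears to exercise that case and is worth keeping. The branch also depends on `strong_memoize_attr :blobs` storing its value under the key `:blobs`. A comment above the `if`, such as `# reuse the batch-loaded blobs only when #blobs has already been memoized`, would make that coupling visible.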
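Review bot: `files` negates `any?` inside `filter`, which reads as a double negative; `ls_tree.reject { |e| excluded.any? { |n| e.start_with?(n) } }` states the same selection directly. In `excluded`, `f[0..-7]` relies on the reader knowing it drops the six characters of `go.mod`; `f.delete_suffix('go.mod')` or a short comment would state the intent. Neither suggestion changes which paths are returned.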
+++ b/app/models/packages/package.rb @@ -329,10 +329,9 @@ class Packages::Package < ApplicationRecord end def package_settings - strong_memoize(:package_settings) do - project.namespace.package_settings - end + project.namespace.package_settings end + strong_memoize_attr :package_settings def sync_maven_metadata(user) return unless maven? && version? && user diff --git a/app/presenters/packages/conan/package_presenter.rb b/app/presenters/packages/conan/package_presenter.rb index 0c7a81038dd..2fab074c69c 100644 --- a/app/presenters/packages/conan/package_presenter.rb +++ b/app/presenters/packages/conan/package_presenter.rb @@ -80,10 +80,9 @@ module Packages def package_files return unless @package - strong_memoize(:package_files) do - @package.installable_package_files.preload_conan_file_metadata - end + @package.installable_package_files.preload_conan_file_metadata end + strong_memoize_attr :package_files def matching_reference?(package_file) package_file.conan_file_metadatum.conan_package_reference == conan_package_reference diff --git a/app/presenters/packages/nuget/packages_metadata_presenter.rb b/app/presenters/packages/nuget/packages_metadata_presenter.rb index 9f1dee17cea..10a19060f8a 100644 --- a/app/presenters/packages/nuget/packages_metadata_presenter.rb +++ b/app/presenters/packages/nuget/packages_metadata_presenter.rb @@ -59,11 +59,10 @@ module Packages end def sorted_versions - strong_memoize(:sorted_versions) do - versions = @packages.map(&:version).compact - VersionSorter.sort(versions) - end + versions = @packages.map(&:version).compact + VersionSorter.sort(versions) end + strong_memoize_attr :sorted_versions end end end diff --git a/app/presenters/packages/nuget/search_results_presenter.rb b/app/presenters/packages/nuget/search_results_presenter.rb index dc391c380f3..311296d576c 100644 --- a/app/presenters/packages/nuget/search_results_presenter.rb +++ b/app/presenters/packages/nuget/search_results_presenter.rb 
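Review bot: In the Conan presenter's `package_files`, the guard `return unless @package` now sits inside the body that `strong_memoize_attr` wraps, so the `nil` from the guard is cached too, whereas before only the `strong_memoize` block result was stored. That is harmless as long as `@package` is assigned once before the first call; the constructor is outside this hunk, so this should be confirmed. A comment like `# nil is memoized as well; @package must be set at construction` would record the assumption.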
@@ -14,26 +14,25 @@ module Packages end def data - strong_memoize(:data) do - @search.results.group_by(&:name).map do |package_name, packages| - latest_version = latest_version(packages) - latest_package = packages.find { |pkg| pkg.version == latest_version } - - { - type: 'Package', - authors: '', - name: package_name, - version: latest_version, - versions: build_package_versions(packages), - summary: '', - total_downloads: 0, - verified: true, - tags: tags_for(latest_package), - metadatum: metadatum_for(latest_package) - } - end + @search.results.group_by(&:name).map do |package_name, packages| + latest_version = latest_version(packages) + latest_package = packages.find { |pkg| pkg.version == latest_version } + + { + type: 'Package', + authors: '', + name: package_name, + version: latest_version, + versions: build_package_versions(packages), + summary: '', + total_downloads: 0, + verified: true, + tags: tags_for(latest_package), + metadatum: metadatum_for(latest_package) + } end end + strong_memoize_attr :data private diff --git a/doc/administration/geo/setup/index.md b/doc/administration/geo/setup/index.md index 3525199226d..9fb8a94c3c5 100644 --- a/doc/administration/geo/setup/index.md +++ b/doc/administration/geo/setup/index.md 
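Review bot: The hash built in `data` sets `verified: true`, `authors: ''`, `summary: ''` and `total_downloads: 0` for every result without saying that these are constants rather than computed values. `verified` in particular reads to a client as a statement about the package, so the hard-coded `true` deserves a comment, e.g. `# constant fields required by the search response; no verification is performed here (confirm)`. The values are carried over unchanged by this commit, so this is a documentation request and not a behaviour change.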
@@ -18,7 +18,8 @@ type: howto - Ensure the **primary** site has a [GitLab Premium or Ultimate](https://about.gitlab.com/pricing/) subscription to unlock Geo. You only need one license for all the sites. - Confirm the [requirements for running Geo](../index.md#requirements-for-running-geo) are met by all sites. For example, sites must use the same GitLab version, and sites must be able to communicate with each other over certain ports. -- Confirm the **primary** and **secondary** site storage configurations match. If the primary Geo site uses object storage, the secondary Geo site must use it too. See [Geo with Object storage] (../object_storage.md) for more details. +- Confirm the **primary** and **secondary** site storage configurations match. If the primary Geo site uses object storage, the secondary Geo site must use it too. See [Geo with Object storage] (../replication/object_storage.md) for more details. +- Ensure clocks are synchronized between the **primary** site and the **secondary** site. Synchronized clocks are required for Geo to function correctly. For example, if the clock drift between the **primary** and **secondary** sites exceeds 1 minute, replication will fail. ## Using Omnibus GitLab @@ -34,6 +35,7 @@ If both Geo sites are based on the [1K reference architecture](../../reference_a 1. Optional: [Configure Object storage](../../object_storage.md) 1. Optional: [Configure a secondary LDAP server](../../auth/ldap/index.md) for the **secondary** sites. See [notes on LDAP](../index.md#ldap). 1. Optional: [Configure Geo secondary proxying](../secondary_proxy/index.md) to use a single, unified URL for all Geo sites. This step is recommended to accelerate most read requests while transparently proxying writes to the primary Geo site. +1. Optional: [Configure Container Registry for the secondary site](../replication/container_registry.md). 1. Follow the [Using a Geo Site](../replication/usage.md) guide. ### Multi-node Geo sites 
diff --git a/doc/api/integrations.md b/doc/api/integrations.md index 0a05759c8c2..0d30a2942b1 100644 --- a/doc/api/integrations.md +++ b/doc/api/integrations.md @@ -93,6 +93,7 @@ Parameters: | `app_store_issuer_id` | string | true | The Apple App Store Connect Issuer ID. | | `app_store_key_id` | string | true | The Apple App Store Connect Key ID. | | `app_store_private_key` | string | true | The Apple App Store Connect Private Key. | +| `app_store_protected_refs` | boolean | false | Set variables only on protected branches and tags. Defaults to `true` (enabled). | ### Disable Apple App Store integration diff --git a/doc/user/application_security/sast/index.md b/doc/user/application_security/sast/index.md index 64c0f3440c5..9af9d5e529c 100644 --- a/doc/user/application_security/sast/index.md +++ b/doc/user/application_security/sast/index.md @@ -868,7 +868,7 @@ This occurs when Flawfinder encounters an invalid UTF-8 character. To fix this, ### Semgrep slowness, unexpected results, or other errors -If Semgrep is slow, reports too many false positives or false negatives, crashes, fails, or is otherwise broken, see the Semgrep docs for [troubleshooting GitLab SAST](https://semgrep.dev/docs/troubleshooting/gitlab-sast/). +If Semgrep is slow, reports too many false positives or false negatives, crashes, fails, or is otherwise broken, see the Semgrep docs for [troubleshooting GitLab SAST](https://semgrep.dev/docs/troubleshooting/semgrep-ci/#troubleshooting-gitlab-sast). ### SAST job fails with message `strconv.ParseUint: parsing "0.0": invalid syntax` diff --git a/doc/user/group/manage.md b/doc/user/group/manage.md index 83ec7115660..ca77fa87e7b 100644 --- a/doc/user/group/manage.md +++ b/doc/user/group/manage.md 
@@ -395,7 +395,7 @@ To enable this setting: > - [Feature flag `group_merge_request_approval_settings_feature_flag`](https://gitlab.com/gitlab-org/gitlab/-/issues/343872) removed in GitLab 14.9. Group approval settings manage [project merge request approval settings](../project/merge_requests/approvals/settings.md) -at the top-level group level. These settings [cascade to all projects](../project/merge_requests/approvals/settings.md#settings-cascading) +for all projects in a top-level group. These settings [cascade to all projects](../project/merge_requests/approvals/settings.md#settings-cascading) that belong to the group. To view the merge request approval settings for a group: @@ -406,7 +406,9 @@ To view the merge request approval settings for a group: 1. Select the settings you want. 1. Select **Save changes**. -Support for group-level settings for merge request approval rules is tracked in this [epic](https://gitlab.com/groups/gitlab-org/-/epics/4367). +Approval settings should not be confused with [approval rules](../project/merge_requests/approvals/rules.md). Support +for the ability to set merge request approval rules for groups is tracked in +[epic 4367](https://gitlab.com/groups/gitlab-org/-/epics/4367). ## Enable Code Suggestions **(FREE SAAS)** diff --git a/lib/api/helpers/packages/basic_auth_helpers.rb b/lib/api/helpers/packages/basic_auth_helpers.rb index a62bb1d4991..4f301d7038a 100644 --- a/lib/api/helpers/packages/basic_auth_helpers.rb +++ b/lib/api/helpers/packages/basic_auth_helpers.rb 
@@ -41,16 +41,15 @@ module API end def find_authorized_group! - strong_memoize(:authorized_group) do - group = find_group(params[:id]) + group = find_group(params[:id]) - unless group && can?(current_user, :read_group, group) - next unauthorized_or! { not_found! } - end - - group + unless group && can?(current_user, :read_group, group) + return unauthorized_or! { not_found! } end + + group end + strong_memoize_attr :find_authorized_group! def authorize!(action, subject = :global, reason = nil) return if can?(current_user, action, subject) diff --git a/lib/api/helpers/packages/conan/api_helpers.rb b/lib/api/helpers/packages/conan/api_helpers.rb index b47bfbfb5aa..3873fe98a5f 100644 --- a/lib/api/helpers/packages/conan/api_helpers.rb +++ b/lib/api/helpers/packages/conan/api_helpers.rb @@ -125,20 +125,18 @@ module API end def project - strong_memoize(:project) do - case package_scope - when :project - user_project(action: :read_package) - when :instance - full_path = ::Packages::Conan::Metadatum.full_path_from(package_username: params[:package_username]) - find_project!(full_path) - end + case package_scope + when :project + user_project(action: :read_package) + when :instance + full_path = ::Packages::Conan::Metadatum.full_path_from(package_username: params[:package_username]) + find_project!(full_path) end end + strong_memoize_attr :project def package - strong_memoize(:package) do - project.packages + project.packages .conan .with_name(params[:package_name]) .with_version(params[:package_version]) 
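Review bot: `find_authorized_group!` memoizes an authorization decision, and its denial path `return unauthorized_or! { not_found! }` is only safe if that helper always aborts the request; if it ever returned normally, its return value would be cached and handed to callers as if it were the group. The helper is defined outside this hunk, so this is an assumption to confirm. The cached value is keyed on the method alone, not on `params[:id]`, which is fine for a per-request helper but should be stated. Suggested comment above the method: `# Memoized per request; the failure branch must halt so a denial is never cached as a group.`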
@@ -147,18 +145,17 @@ module API .order_created .not_pending_destruction .last - end end + strong_memoize_attr :package def token - strong_memoize(:token) do - token = nil - token = ::Gitlab::ConanToken.from_personal_access_token(find_personal_access_token.user_id, access_token_from_request) if find_personal_access_token - token = ::Gitlab::ConanToken.from_deploy_token(deploy_token_from_request) if deploy_token_from_request - token = ::Gitlab::ConanToken.from_job(find_job_from_token) if find_job_from_token - token - end + token = nil + token = ::Gitlab::ConanToken.from_personal_access_token(find_personal_access_token.user_id, access_token_from_request) if find_personal_access_token + token = ::Gitlab::ConanToken.from_deploy_token(deploy_token_from_request) if deploy_token_from_request + token = ::Gitlab::ConanToken.from_job(find_job_from_token) if find_job_from_token + token end + strong_memoize_attr :token def download_package_file(file_type) authorize_read_package!(project) @@ -227,17 +224,15 @@ module API # We override this method from auth_finders because we need to # extract the token from the Conan JWT which is specific to the Conan API def find_personal_access_token - strong_memoize(:find_personal_access_token) do - PersonalAccessToken.find_by_token(access_token_from_request) - end + PersonalAccessToken.find_by_token(access_token_from_request) end + strong_memoize_attr :find_personal_access_token def access_token_from_request - strong_memoize(:access_token_from_request) do - find_personal_access_token_from_conan_jwt || - find_password_from_basic_auth - end + find_personal_access_token_from_conan_jwt || + find_password_from_basic_auth end + strong_memoize_attr :access_token_from_request def find_password_from_basic_auth return unless route_authentication_setting[:basic_auth_personal_access_token] diff --git a/lib/api/helpers/packages/npm.rb b/lib/api/helpers/packages/npm.rb index b4a66d6177a..be7f57fda0c 100644 --- a/lib/api/helpers/packages/npm.rb 
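Review bot: In `token`, the three conditional assignments run in sequence, so when a request carries more than one credential the last match wins: job token over deploy token over personal access token. That precedence decides which credential the Conan token is derived from, and it is easy to invert by accident, for example when rewriting the method with early returns. A one-line comment such as `# Last match wins: job token > deploy token > personal access token` would pin it down. A spec with two credentials present would guard it; no such spec is visible in this commit.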
+++ b/lib/api/helpers/packages/npm.rb @@ -12,22 +12,21 @@ module API }.freeze def project - strong_memoize(:project) do - case endpoint_scope - when :project - user_project(action: :read_package) - when :instance, :group - # Simulate the same behavior as #user_project by re-using #find_project! - # but take care if the project_id is nil as #find_project! is not designed - # to handle it. - project_id = project_id_or_nil - - not_found!('Project') unless project_id - - find_project!(project_id) - end + case endpoint_scope + when :project + user_project(action: :read_package) + when :instance, :group + # Simulate the same behavior as #user_project by re-using #find_project! + # but take care if the project_id is nil as #find_project! is not designed + # to handle it. + project_id = project_id_or_nil + + not_found!('Project') unless project_id + + find_project!(project_id) end end + strong_memoize_attr :project def finder_for_endpoint_scope(package_name) case endpoint_scope 
@@ -43,51 +42,49 @@ module API def project_or_nil # mainly used by the metadata endpoint where we need to get a project # and return nil if not found (no errors should be raised) - strong_memoize(:project_or_nil) do - next unless project_id_or_nil + return unless project_id_or_nil - find_project(project_id_or_nil) - end + find_project(project_id_or_nil) end + strong_memoize_attr :project_or_nil def project_id_or_nil - strong_memoize(:project_id_or_nil) do - case endpoint_scope - when :project - params[:id] - when :group - finder = ::Packages::Npm::PackageFinder.new( - params[:package_name], - namespace: group, - last_of_each_version: false - ) - - finder.last&.project_id - when :instance - package_name = params[:package_name] - - namespace = - if Feature.enabled?(:npm_allow_packages_in_multiple_projects) - top_namespace_from(package_name) - else - namespace_path = ::Packages::Npm.scope_of(package_name) - next unless namespace_path - - Namespace.top_most.by_path(namespace_path) - end - - next unless namespace - - finder = ::Packages::Npm::PackageFinder.new( - package_name, - namespace: namespace, - last_of_each_version: false - ) - - finder.last&.project_id - end + case endpoint_scope + when :project + params[:id] + when :group + finder = ::Packages::Npm::PackageFinder.new( + params[:package_name], + namespace: group, + last_of_each_version: false + ) + + finder.last&.project_id + when :instance + package_name = params[:package_name] + + namespace = + if Feature.enabled?(:npm_allow_packages_in_multiple_projects) + top_namespace_from(package_name) + else + namespace_path = ::Packages::Npm.scope_of(package_name) + return unless namespace_path + + Namespace.top_most.by_path(namespace_path) + end + + return unless namespace + + finder = ::Packages::Npm::PackageFinder.new( + package_name, + namespace: namespace, + last_of_each_version: false + ) + + finder.last&.project_id end end + strong_memoize_attr :project_id_or_nil private 
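Review bot: In `project_id_or_nil`, the `:instance` branch now has `return unless namespace_path` inside the `if`/`else` expression whose value is being assigned to `namespace`, which hides a method exit in the middle of an assignment. Extracting the namespace lookup into a private helper keeps the early exits at statement level and leaves the memoized result unchanged. The helper name below is only a proposal.

```ruby
when :instance
  package_name = params[:package_name]
  namespace = instance_namespace_for(package_name)
  return unless namespace

  # … unchanged: PackageFinder lookup and finder.last&.project_id …

# proposed private helper
def instance_namespace_for(package_name)
  return top_namespace_from(package_name) if Feature.enabled?(:npm_allow_packages_in_multiple_projects)

  namespace_path = ::Packages::Npm.scope_of(package_name)
  Namespace.top_most.by_path(namespace_path) if namespace_path
end
```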
diff --git a/lib/api/helpers/packages_helpers.rb b/lib/api/helpers/packages_helpers.rb index be2b73e2d48..f3b3a299204 100644 --- a/lib/api/helpers/packages_helpers.rb +++ b/lib/api/helpers/packages_helpers.rb @@ -4,6 +4,7 @@ module API module Helpers module PackagesHelpers extend ::Gitlab::Utils::Override + include ::Gitlab::Utils::StrongMemoize MAX_PACKAGE_FILE_SIZE = 50.megabytes.freeze ALLOWED_REQUIRED_PERMISSIONS = %i[read_package read_group].freeze @@ -71,19 +72,18 @@ module API # This function is similar to the `find_project!` function, but it considers the `read_package` ability. def user_project_with_read_package - strong_memoize(:user_project_with_read_package) do - project = find_project(params[:id]) + project = find_project(params[:id]) - next forbidden! unless authorized_project_scope?(project) + return forbidden! unless authorized_project_scope?(project) - next project if can?(current_user, :read_package, project&.packages_policy_subject) - # guest users can have :read_project but not :read_package - next forbidden! if can?(current_user, :read_project, project) - next unauthorized! if authenticate_non_public? + return project if can?(current_user, :read_package, project&.packages_policy_subject) + # guest users can have :read_project but not :read_package + return forbidden! if can?(current_user, :read_project, project) + return unauthorized! if authenticate_non_public? - not_found!('Project') - end + not_found!('Project') end + strong_memoize_attr :user_project_with_read_package def track_package_event(action, scope, **args) service = ::Packages::CreateEventService.new(nil, current_user, event_name: action, scope: scope) diff --git a/spec/models/packages/go/module_version_spec.rb b/spec/models/packages/go/module_version_spec.rb index cace2160878..6bdf6431e43 100644 --- a/spec/models/packages/go/module_version_spec.rb +++ b/spec/models/packages/go/module_version_spec.rb 
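Review bot: `user_project_with_read_package` memoizes the outcome of an order-dependent authorization ladder, and each denial is written as `return forbidden!` or `return unauthorized!`, which is only safe if those helpers abort the request instead of returning a value that would then be cached as the project. They are defined outside this hunk, so that is an assumption to confirm. `project` can be nil when the `can?` checks run (hence `project&.packages_policy_subject`), so the order of the checks also appears to decide whether a missing project answers 403, 401 or 404. A comment above the method such as `# Order matters; every denial helper must halt the request so only an authorized project is memoized` would record both points.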
@@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Packages::Go::ModuleVersion, type: :model do +RSpec.describe Packages::Go::ModuleVersion, type: :model, feature_category: :package_registry do include_context 'basic Go module' let_it_be(:mod) { create :go_module, project: project } @@ -57,9 +57,30 @@ RSpec.describe Packages::Go::ModuleVersion, type: :model do end context 'with go.mod present' do - let_it_be(:version) { create :go_module_version, :tagged, mod: mod, name: 'v1.0.1' } + let!(:version) { create :go_module_version, :tagged, mod: mod, name: name } + let(:name) { 'v1.0.1' } - it('returns the contents of go.mod') { expect(version.gomod).to eq("module #{mod.name}\n") } + shared_examples 'returns the contents of go.mod' do + it { expect(version.gomod).to eq("module #{mod.name}\n") } + end + + it_behaves_like 'returns the contents of go.mod' + + context 'with cached blobs' do + before do + version.send(:blobs) + end + + it_behaves_like 'returns the contents of go.mod' + end + + context 'with the submodule\'s path' do + let_it_be(:mod) { create :go_module, project: project, path: 'mod' } + + let(:name) { 'v1.0.3' } + + it_behaves_like 'returns the contents of go.mod' + end end end -- cgit v1.2.3