From 38a40989000eb88315dca94e72a8341c15d034db Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Tue, 1 Nov 2022 06:11:02 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- app/serializers/integrations/event_entity.rb | 3 + app/services/merge_requests/approval_service.rb | 1 + .../merge_requests/remove_approval_service.rb | 1 + ...40_add_mirror_branch_regex_to_remote_mirrors.rb | 15 +++ ..._add_mirror_branch_regex_to_project_settings.rb | 12 +++ ...imit_to_project_settings_mirror_branch_regex.rb | 13 +++ db/schema_migrations/20220919062640 | 1 + db/schema_migrations/20220926023734 | 1 + db/schema_migrations/20221027124848 | 1 + db/structure.sql | 6 +- doc/administration/audit_events.md | 2 +- .../geo/replication/troubleshooting.md | 35 +++++++ .../troubleshooting/gitlab_rails_cheat_sheet.md | 103 --------------------- doc/user/admin_area/settings/usage_statistics.md | 2 +- .../settings/visibility_and_access_controls.md | 14 +-- doc/user/group/access_and_permissions.md | 13 +-- doc/user/project/settings/import_export.md | 8 +- .../package_registry/helm_registry_spec.rb | 2 +- .../maven/maven_group_level_spec.rb | 2 +- .../maven/maven_project_level_spec.rb | 2 +- .../maven_gradle_repository_spec.rb | 2 +- .../npm/npm_instance_level_spec.rb | 2 +- .../package_registry/npm/npm_project_level_spec.rb | 2 +- .../nuget/nuget_group_level_spec.rb | 14 +-- .../nuget/nuget_project_level_spec.rb | 3 +- .../package_registry/pypi_repository_spec.rb | 2 +- spec/requests/api/project_attributes.yml | 1 + spec/serializers/integrations/event_entity_spec.rb | 1 + .../merge_requests/approval_service_spec.rb | 16 ++++ .../merge_requests/remove_approval_service_spec.rb | 8 ++ workhorse/go.mod | 2 +- workhorse/go.sum | 4 +- 32 files changed, 154 insertions(+), 140 deletions(-) create mode 100644 db/migrate/20220919062640_add_mirror_branch_regex_to_remote_mirrors.rb create mode 100644 db/migrate/20220926023734_add_mirror_branch_regex_to_project_settings.rb create mode 100644 db/migrate/20221027124848_add_text_limit_to_project_settings_mirror_branch_regex.rb create mode 100644 db/schema_migrations/20220919062640 create mode 100644 db/schema_migrations/20220926023734 create mode 100644 db/schema_migrations/20221027124848 diff --git a/app/serializers/integrations/event_entity.rb b/app/serializers/integrations/event_entity.rb index 91bd91dd941..1cbd6114581 100644 --- a/app/serializers/integrations/event_entity.rb +++ b/app/serializers/integrations/event_entity.rb @@ -25,6 +25,9 @@ module Integrations expose :value do |event| integration.event_channel_value(event) end + expose :placeholder do |_event| + integration.default_channel_placeholder + end end private diff --git a/app/services/merge_requests/approval_service.rb b/app/services/merge_requests/approval_service.rb index 7ba6b9b8407..72f398ce415 100644 --- a/app/services/merge_requests/approval_service.rb +++ b/app/services/merge_requests/approval_service.rb @@ -12,6 +12,7 @@ module MergeRequests reset_approvals_cache(merge_request) merge_request_activity_counter.track_approve_mr_action(user: current_user, merge_request: merge_request) trigger_merge_request_merge_status_updated(merge_request) + trigger_merge_request_reviewers_updated(merge_request) # Approval side effects (things not required to be done immediately but # should happen after a successful approval) should be done asynchronously diff --git a/app/services/merge_requests/remove_approval_service.rb b/app/services/merge_requests/remove_approval_service.rb index 73d8d1b369d..8387c23fe3f 100644 --- a/app/services/merge_requests/remove_approval_service.rb +++ b/app/services/merge_requests/remove_approval_service.rb @@ -18,6 +18,7 @@ module MergeRequests create_note(merge_request) merge_request_activity_counter.track_unapprove_mr_action(user: current_user) trigger_merge_request_merge_status_updated(merge_request) + trigger_merge_request_reviewers_updated(merge_request) end success diff --git a/db/migrate/20220919062640_add_mirror_branch_regex_to_remote_mirrors.rb b/db/migrate/20220919062640_add_mirror_branch_regex_to_remote_mirrors.rb new file mode 100644 index 00000000000..0f27ba9488b --- /dev/null +++ b/db/migrate/20220919062640_add_mirror_branch_regex_to_remote_mirrors.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +class AddMirrorBranchRegexToRemoteMirrors < Gitlab::Database::Migration[2.0] + disable_ddl_transaction! + + def up + add_column :remote_mirrors, :mirror_branch_regex, :text + add_text_limit :remote_mirrors, :mirror_branch_regex, 255 + end + + def down + remove_text_limit :remote_mirrors, :mirror_branch_regex + remove_column :remote_mirrors, :mirror_branch_regex + end +end diff --git a/db/migrate/20220926023734_add_mirror_branch_regex_to_project_settings.rb b/db/migrate/20220926023734_add_mirror_branch_regex_to_project_settings.rb new file mode 100644 index 00000000000..5032a9ff964 --- /dev/null +++ b/db/migrate/20220926023734_add_mirror_branch_regex_to_project_settings.rb @@ -0,0 +1,12 @@ +# frozen_string_literal: true + +class AddMirrorBranchRegexToProjectSettings < Gitlab::Database::Migration[2.0] + enable_lock_retries! + + # rubocop:disable Migration/AddLimitToTextColumns + # limit is added in 20221027124848_add_text_limit_to_project_settings_mirror_branch_regex.rb + def change + add_column :project_settings, :mirror_branch_regex, :text + end + # rubocop:enable Migration/AddLimitToTextColumns +end diff --git a/db/migrate/20221027124848_add_text_limit_to_project_settings_mirror_branch_regex.rb b/db/migrate/20221027124848_add_text_limit_to_project_settings_mirror_branch_regex.rb new file mode 100644 index 00000000000..e87eb207204 --- /dev/null +++ b/db/migrate/20221027124848_add_text_limit_to_project_settings_mirror_branch_regex.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +class AddTextLimitToProjectSettingsMirrorBranchRegex < Gitlab::Database::Migration[2.0] + disable_ddl_transaction! + + def up + add_text_limit :project_settings, :mirror_branch_regex, 255 + end + + def down + remove_text_limit :project_settings, :mirror_branch_regex + end +end diff --git a/db/schema_migrations/20220919062640 b/db/schema_migrations/20220919062640 new file mode 100644 index 00000000000..0284cadd6d6 --- /dev/null +++ b/db/schema_migrations/20220919062640 @@ -0,0 +1 @@ +6b4e0ed9d29ace12f6ae1d4b8177ef998f9a5a3915cca80fa546a9f90ccde887 \ No newline at end of file diff --git a/db/schema_migrations/20220926023734 b/db/schema_migrations/20220926023734 new file mode 100644 index 00000000000..2fd1175b02d --- /dev/null +++ b/db/schema_migrations/20220926023734 @@ -0,0 +1 @@ +efa3d1c94b5de9c68ae3d007e95bbbae9582f4354e922b00a02ff5753dbe4d05 \ No newline at end of file diff --git a/db/schema_migrations/20221027124848 b/db/schema_migrations/20221027124848 new file mode 100644 index 00000000000..249e4e4b83f --- /dev/null +++ b/db/schema_migrations/20221027124848 @@ -0,0 +1 @@ +108dec45cbed3651aec46636a3009cb18296d0fa0ca720774dc2105123955dfd \ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index 41c45918fb5..8aef35f9cb8 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -20195,9 +20195,11 @@ CREATE TABLE project_settings ( suggested_reviewers_enabled boolean DEFAULT false NOT NULL, jitsu_key text, only_allow_merge_if_all_status_checks_passed boolean DEFAULT false NOT NULL, + mirror_branch_regex text, CONSTRAINT check_2981f15877 CHECK ((char_length(jitsu_key) <= 100)), CONSTRAINT check_3a03e7557a CHECK ((char_length(previous_default_branch) <= 4096)), CONSTRAINT check_3ca5cbffe6 CHECK ((char_length(issue_branch_template) <= 255)), + CONSTRAINT check_67292e4b99 CHECK ((char_length(mirror_branch_regex) <= 255)), CONSTRAINT check_b09644994b CHECK ((char_length(squash_commit_template) <= 500)), CONSTRAINT check_bde223416c CHECK ((show_default_award_emojis IS NOT NULL)), CONSTRAINT check_eaf7cfb6a7 CHECK ((char_length(merge_commit_template) <= 500)) @@ -20775,7 +20777,9 @@ CREATE TABLE remote_mirrors ( only_protected_branches boolean DEFAULT false NOT NULL, remote_name character varying, error_notification_sent boolean, - keep_divergent_refs boolean + keep_divergent_refs boolean, + mirror_branch_regex text, + CONSTRAINT check_aa6b497785 CHECK ((char_length(mirror_branch_regex) <= 255)) ); CREATE SEQUENCE remote_mirrors_id_seq diff --git a/doc/administration/audit_events.md b/doc/administration/audit_events.md index 11600bc2da6..2b38d43a4e4 100644 --- a/doc/administration/audit_events.md +++ b/doc/administration/audit_events.md @@ -115,7 +115,7 @@ From there, you can see the following actions: - Instance administrator started or stopped impersonation of a group member. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/300961) in GitLab 14.8. - Group deploy token was successfully created, revoked, or deleted. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/353452) in GitLab 14.9. - Failed attempt to create a group deploy token. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/353452) in GitLab 14.9. -- [IP restrictions](../user/group/access_and_permissions.md#restrict-group-access-by-ip-address) changed. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/358986) in GitLab 15.0. +- [IP restrictions](../user/group/access_and_permissions.md#restrict-access-to-groups-by-ip-address) changed. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/358986) in GitLab 15.0. - Changes to push rules. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/227629) in GitLab 15.0. - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/356152) in GitLab 15.1, changes to the following merge request approvals settings: - Prevent approval by author. diff --git a/doc/administration/geo/replication/troubleshooting.md b/doc/administration/geo/replication/troubleshooting.md index efe012040ea..f247c269775 100644 --- a/doc/administration/geo/replication/troubleshooting.md +++ b/doc/administration/geo/replication/troubleshooting.md @@ -185,6 +185,41 @@ This machine's Geo node name matches a database record ... no Learn more about recommended site names in the description of the Name field in [Geo Admin Area Common Settings](../../../user/admin_area/geo_sites.md#common-settings). +### Reverify all uploads (or any SSF data type which is verified) + +1. SSH into a GitLab Rails node in the primary Geo site. +1. Open [Rails console](../../operations/rails_console.md). +1. Mark all uploads as "pending verification": + +WARNING: +Commands that change data can cause damage if not run correctly or under the right conditions. Always run commands in a test environment first and have a backup instance ready to restore. + + ```ruby + Upload.verification_state_table_class.each_batch do |relation| + relation.update_all(verification_state: 0) + end + ``` + +1. This will cause the primary to start checksumming all Uploads. +1. When a primary successfully checksums a record, then all secondaries rechecksum as well, and they compare the values. + +A similar thing can be done for all Models handled by the [Geo Self-Service Framework](../../../development/geo/framework.md) which have implemented verification: + +- `LfsObject` +- `MergeRequestDiff` +- `Packages::PackageFile` +- `Terraform::StateVersion` +- `SnippetRepository` +- `Ci::PipelineArtifact` +- `PagesDeployment` +- `Upload` +- `Ci::JobArtifact` +- `Ci::SecureFile` + +NOTE: +`GroupWikiRepository` is not in the previous list since verification is not implemented. +There is an [issue to implement this functionality in the Admin Area UI](https://gitlab.com/gitlab-org/gitlab/-/issues/364729). + ### Message: `WARNING: oldest xmin is far in the past` and `pg_wal` size growing If a replication slot is inactive, diff --git a/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md b/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md index d87d2a1c55d..bc76408a5c2 100644 --- a/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md +++ b/doc/administration/troubleshooting/gitlab_rails_cheat_sheet.md @@ -28,77 +28,6 @@ mentioned above, we recommend running these scripts under the supervision of a Support Engineer, who can also verify that they continue to work as they should and, if needed, update the script for the latest version of GitLab. -## Imports and exports - -### Import a project - -```ruby -# Find the project and get the error -p = Project.find_by_full_path('/') - -p.import_error - -# To finish the import on GitLab running version before 11.6 -p.import_finish - -# To finish the import on GitLab running version 11.6 or after -p.import_state.mark_as_failed("Failed manually through console.") -``` - -### Rename imported repository - -In a specific situation, an imported repository needed to be renamed. The Support -Team was informed of a backup restore that failed on a single repository, which created -the project with an empty repository. The project was successfully restored to a development -instance, then exported, and imported into a new project under a different name. - -The Support Team was able to transfer the incorrectly named imported project into the -correctly named empty project using the steps below. - -Move the new repository to the empty repository: - -```shell -mv /var/opt/gitlab/git-data/repositories// /var/opt/gitlab/git-data/repositories// -``` - -Make sure the permissions are correct: - -```shell -chown -R git:git .git -``` - -Clear the cache: - -```shell -sudo gitlab-rake cache:clear -``` - -### Export a project - -It's typically recommended to export a project through [the web interface](../../user/project/settings/import_export.md#export-a-project-and-its-data) or through [the API](../../api/project_import_export.md). In situations where this is not working as expected, it may be preferable to export a project directly via the Rails console: - -```ruby -user = User.find_by_username('') -# Sufficient permissions needed -# Read https://docs.gitlab.com/ee/user/permissions.html#project-members-permissions - -project = Project.find_by_full_path('/ nil -``` - -The exported project is located in a `.tar.gz` file in `/var/opt/gitlab/gitlab-rails/uploads/-/system/import_export_upload/export_file/`. - -If this fails, [enable verbose logging](../operations/rails_console.md#looking-up-database-persisted-objects), -repeat the above procedure after, -and report the output to -[GitLab Support](https://about.gitlab.com/support/). - ## Mirrors ### Find mirrors with "bad decrypt" errors @@ -257,38 +186,6 @@ This content has been moved to [Troubleshooting Sidekiq](../sidekiq/sidekiq_trou ## Geo -### Reverify all uploads (or any SSF data type which is verified) - -1. SSH into a GitLab Rails node in the primary Geo site. -1. Open [Rails console](../operations/rails_console.md). -1. Mark all uploads as "pending verification": - - ```ruby - Upload.verification_state_table_class.each_batch do |relation| - relation.update_all(verification_state: 0) - end - ``` - -1. This will cause the primary to start checksumming all Uploads. -1. When a primary successfully checksums a record, then all secondaries rechecksum as well, and they compare the values. - -A similar thing can be done for all Models handled by the [Geo Self-Service Framework](../../development/geo/framework.md) which have implemented verification: - -- `LfsObject` -- `MergeRequestDiff` -- `Packages::PackageFile` -- `Terraform::StateVersion` -- `SnippetRepository` -- `Ci::PipelineArtifact` -- `PagesDeployment` -- `Upload` -- `Ci::JobArtifact` -- `Ci::SecureFile` - -NOTE: -`GroupWikiRepository` is not in the previous list since verification is not implemented. -There is an [issue to implement this functionality in the Admin Area UI](https://gitlab.com/gitlab-org/gitlab/-/issues/364729). - ### Artifacts Moved to [Geo replication troubleshooting](../geo/replication/troubleshooting.md#find-failed-artifacts). diff --git a/doc/user/admin_area/settings/usage_statistics.md b/doc/user/admin_area/settings/usage_statistics.md index fb027b462df..5607f7e9950 100644 --- a/doc/user/admin_area/settings/usage_statistics.md +++ b/doc/user/admin_area/settings/usage_statistics.md @@ -48,7 +48,7 @@ tier. Users can continue to access the features in a paid tier without sharing u ### Features available in 14.4 and later - [Repository size limit](../settings/account_and_limit_settings.md#repository-size-limit). -- [Group access restriction by IP address](../../group/access_and_permissions.md#restrict-group-access-by-ip-address). +- [Group access restriction by IP address](../../group/access_and_permissions.md#restrict-access-to-groups-by-ip-address). NOTE: Registration is not yet required for participation, but may be added in a future milestone. diff --git a/doc/user/admin_area/settings/visibility_and_access_controls.md b/doc/user/admin_area/settings/visibility_and_access_controls.md index 29e9e06fe97..a8eae21c29b 100644 --- a/doc/user/admin_area/settings/visibility_and_access_controls.md +++ b/doc/user/admin_area/settings/visibility_and_access_controls.md @@ -280,13 +280,13 @@ work in every repository. They can only be re-enabled by an administrator user o > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/87579) in GitLab 15.1 [with a flag](../../../administration/feature_flags.md) named `group_ip_restrictions_allow_global`. Disabled by default. > - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/366445) in GitLab 15.4. [Feature flag `group_ip_restrictions_allow_global`](https://gitlab.com/gitlab-org/gitlab/-/issues/366445) removed. -This setting allows you to set IP address ranges to be combined with group-level IP allowlists. -It helps administrators prevent aspects of the GitLab installation from being blocked -from working as intended when an IP allowlist is used. +Administrators can set IP address ranges to be combined with [group-level IP restrictions](../../group/access_and_permissions.md#restrict-access-to-groups-by-ip-address). +Use globally-allowed IP addresses to allow aspects of the GitLab installation to work even when group-level IP address +restrictions are set. -For example, if the GitLab Pages daemon runs on the `10.0.0.0/24` range, specify that range in this -field, as otherwise any group-level restrictions that don't include that range cause the Pages -daemon to be unable to fetch artifacts from the pipeline runs. +For example, if the GitLab Pages daemon runs on the `10.0.0.0/24` range, you can specify that range as globally-allowed. +This means GitLab Pages can still fetch artifacts from pipelines even if group-level IP address restrictions don't +include the `10.0.0.0/24` range. To add a IP address range to the group-level allowlist: @@ -294,7 +294,7 @@ To add a IP address range to the group-level allowlist: 1. On the top bar, select **Main menu > Admin**. 1. On the left sidebar, select **Settings > General**. 1. Expand the **Visibility and access controls** section. -1. In **Globally-allowed IP ranges**, provide a value. +1. In **Globally-allowed IP ranges**, provide IP address ranges. 1. Select **Save changes**.