From 30b17460a2569734cf04dae1b2841d3654b2c0ec Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Thu, 14 May 2020 18:08:06 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- doc/administration/database_load_balancing.md | 4 +- doc/administration/external_database.md | 5 ++ doc/administration/geo/replication/database.md | 14 ++-- .../geo/replication/external_database.md | 4 +- doc/administration/geo/replication/index.md | 2 +- .../geo/replication/security_review.md | 2 +- doc/administration/gitaly/praefect.md | 6 +- doc/administration/high_availability/database.md | 2 +- doc/administration/high_availability/pgbouncer.md | 2 +- doc/administration/instance_limits.md | 4 ++ doc/administration/troubleshooting/ssl.md | 38 ++++++++++ doc/ci/docker/using_docker_images.md | 10 +-- doc/development/documentation/styleguide.md | 6 +- doc/development/filtering_by_label.md | 4 +- doc/development/geo.md | 6 +- doc/development/go_guide/index.md | 53 ++++++++++++++ doc/development/namespaces_storage_statistics.md | 2 +- doc/development/verifying_database_capabilities.md | 2 +- doc/install/requirements.md | 2 +- doc/topics/autodevops/customize.md | 2 +- doc/topics/autodevops/stages.md | 2 +- doc/topics/autodevops/upgrading_postgresql.md | 2 +- .../dependency_scanning/index.md | 13 ++++ doc/user/application_security/index.md | 16 ++++- doc/user/clusters/crossplane.md | 4 +- doc/user/snippets.md | 80 +++++++++++----------- 26 files changed, 204 insertions(+), 83 deletions(-) (limited to 'doc') diff --git a/doc/administration/database_load_balancing.md b/doc/administration/database_load_balancing.md index 1bc848e537a..0f566fcc114 100644 --- a/doc/administration/database_load_balancing.md +++ b/doc/administration/database_load_balancing.md @@ -26,9 +26,9 @@ sent to the primary (unless necessary), the primary (`db3`) hardly has any load. ## Requirements -For load balancing to work you will need at least PostgreSQL 9.2 or newer, +For load balancing to work you will need at least PostgreSQL 11 or newer, [**MySQL is not supported**](../install/requirements.md#database). You also need to make sure that you have -at least 1 secondary in [hot standby](https://www.postgresql.org/docs/9.6/hot-standby.html) mode. +at least 1 secondary in [hot standby](https://www.postgresql.org/docs/11/hot-standby.html) mode. Load balancing also requires that the configured hosts **always** point to the primary, even after a database failover. Furthermore, the additional hosts to diff --git a/doc/administration/external_database.md b/doc/administration/external_database.md index 13c9ef872f8..47509828c20 100644 --- a/doc/administration/external_database.md +++ b/doc/administration/external_database.md @@ -13,6 +13,11 @@ If you use a cloud-managed service, or provide your own PostgreSQL instance: [database requirements document](../install/requirements.md#database). 1. Set up a `gitlab` username with a password of your choice. The `gitlab` user needs privileges to create the `gitlabhq_production` database. +1. If you are using a cloud-managed service, you may need to grant additional + roles to your `gitlab` user: + - Amazon RDS requires the [`rds_superuser`](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.html#Appendix.PostgreSQL.CommonDBATasks.Roles) role. + - Azure Database for PostgreSQL requires the [`azure_pg_admin`](https://docs.microsoft.com/en-us/azure/postgresql/howto-create-users#how-to-create-additional-admin-users-in-azure-database-for-postgresql) role. + 1. Configure the GitLab application servers with the appropriate connection details for your external PostgreSQL service in your `/etc/gitlab/gitlab.rb` file: diff --git a/doc/administration/geo/replication/database.md b/doc/administration/geo/replication/database.md index 4eac22e194d..62bd0e6ac19 100644 --- a/doc/administration/geo/replication/database.md +++ b/doc/administration/geo/replication/database.md @@ -33,9 +33,9 @@ recover. See below for more details. The following guide assumes that: -- You are using Omnibus and therefore you are using PostgreSQL 9.6 or later - which includes the [`pg_basebackup` tool](https://www.postgresql.org/docs/9.6/app-pgbasebackup.html) and improved - [Foreign Data Wrapper](https://www.postgresql.org/docs/9.6/postgres-fdw.html) support. +- You are using Omnibus and therefore you are using PostgreSQL 11 or later + which includes the [`pg_basebackup` tool](https://www.postgresql.org/docs/11/app-pgbasebackup.html) and improved + [Foreign Data Wrapper](https://www.postgresql.org/docs/11/postgres-fdw.html) support. - You have a **primary** node already set up (the GitLab server you are replicating from), running Omnibus' PostgreSQL (or equivalent version), and you have a new **secondary** server set up with the same versions of the OS, @@ -160,7 +160,7 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o `postgresql['md5_auth_cidr_addresses']` and `postgresql['listen_address']`. The `listen_address` option opens PostgreSQL up to network connections with the interface - corresponding to the given address. See [the PostgreSQL documentation](https://www.postgresql.org/docs/9.6/runtime-config-connection.html) + corresponding to the given address. See [the PostgreSQL documentation](https://www.postgresql.org/docs/11/runtime-config-connection.html) for more details. Depending on your network configuration, the suggested addresses may not @@ -213,7 +213,7 @@ There is an [issue where support is being discussed](https://gitlab.com/gitlab-o ``` You may also want to edit the `wal_keep_segments` and `max_wal_senders` to match your - database replication requirements. Consult the [PostgreSQL - Replication documentation](https://www.postgresql.org/docs/9.6/runtime-config-replication.html) + database replication requirements. Consult the [PostgreSQL - Replication documentation](https://www.postgresql.org/docs/11/runtime-config-replication.html) for more information. 1. Save the file and reconfigure GitLab for the database listen changes and @@ -442,7 +442,7 @@ data before running `pg_basebackup`. (e.g., you know the network path is secure, or you are using a site-to-site VPN). This is **not** safe over the public Internet! - You can read more details about each `sslmode` in the - [PostgreSQL documentation](https://www.postgresql.org/docs/9.6/libpq-ssl.html#LIBPQ-SSL-PROTECTION); + [PostgreSQL documentation](https://www.postgresql.org/docs/11/libpq-ssl.html#LIBPQ-SSL-PROTECTION); the instructions above are carefully written to ensure protection against both passive eavesdroppers and active "man-in-the-middle" attackers. - Change the `--slot-name` to the name of the replication slot @@ -464,7 +464,7 @@ high-availability configuration with a cluster of nodes supporting a Geo information, see [High Availability with Omnibus GitLab](../../high_availability/database.md#high-availability-with-omnibus-gitlab-premium-only). For a Geo **secondary** node to work properly with PgBouncer in front of the database, -it will need a separate read-only user to make [PostgreSQL FDW queries](https://www.postgresql.org/docs/9.6/postgres-fdw.html) +it will need a separate read-only user to make [PostgreSQL FDW queries](https://www.postgresql.org/docs/11/postgres-fdw.html) work: 1. On the **primary** Geo database, enter the PostgreSQL on the console as an diff --git a/doc/administration/geo/replication/external_database.md b/doc/administration/geo/replication/external_database.md index b571d3a173f..b2293684bf6 100644 --- a/doc/administration/geo/replication/external_database.md +++ b/doc/administration/geo/replication/external_database.md @@ -157,7 +157,7 @@ when `roles ['geo_secondary_role']` is set. For high availability, refer to [Geo High Availability](../../reference_architectures/index.md). If you want to run this database external to Omnibus, please follow the instructions below. -The tracking database requires an [FDW](https://www.postgresql.org/docs/9.6/postgres-fdw.html) +The tracking database requires an [FDW](https://www.postgresql.org/docs/11/postgres-fdw.html) connection with the **secondary** replica database for improved performance. If you have an external database ready to be used as the tracking database, @@ -211,7 +211,7 @@ the tracking database on port 5432. gitlab-rake geo:db:migrate ``` -1. Configure the [PostgreSQL FDW](https://www.postgresql.org/docs/9.6/postgres-fdw.html) +1. Configure the [PostgreSQL FDW](https://www.postgresql.org/docs/11/postgres-fdw.html) connection and credentials: Save the script below in a file, ex. `/tmp/geo_fdw.sh` and modify the connection diff --git a/doc/administration/geo/replication/index.md b/doc/administration/geo/replication/index.md index 728e96cb605..63c81071cf3 100644 --- a/doc/administration/geo/replication/index.md +++ b/doc/administration/geo/replication/index.md @@ -110,7 +110,7 @@ The following are required to run Geo: The following operating systems are known to ship with a current version of OpenSSH: - [CentOS](https://www.centos.org) 7.4+ - [Ubuntu](https://ubuntu.com) 16.04+ -- PostgreSQL 9.6+ with [FDW](https://www.postgresql.org/docs/9.6/postgres-fdw.html) support and [Streaming Replication](https://wiki.postgresql.org/wiki/Streaming_Replication) +- PostgreSQL 11+ with [FDW](https://www.postgresql.org/docs/11/postgres-fdw.html) support and [Streaming Replication](https://wiki.postgresql.org/wiki/Streaming_Replication) - Git 2.9+ - All nodes must run the same GitLab version. diff --git a/doc/administration/geo/replication/security_review.md b/doc/administration/geo/replication/security_review.md index e2cfe48f2ea..0ac8157220a 100644 --- a/doc/administration/geo/replication/security_review.md +++ b/doc/administration/geo/replication/security_review.md @@ -177,7 +177,7 @@ from [owasp.org](https://owasp.org/). ### What databases and application servers support the application? -- PostgreSQL >= 9.6, Redis, Sidekiq, Puma. +- PostgreSQL >= 11, Redis, Sidekiq, Puma. ### How will database connection strings, encryption keys, and other sensitive components be stored, accessed, and protected from unauthorized detection? diff --git a/doc/administration/gitaly/praefect.md b/doc/administration/gitaly/praefect.md index 77655b723e9..124f495187b 100644 --- a/doc/administration/gitaly/praefect.md +++ b/doc/administration/gitaly/praefect.md @@ -56,7 +56,7 @@ for improvements including The minimum recommended configuration for a Gitaly Cluster requires: - 1 highly available load balancer -- 1 highly available PostgreSQL server (PostgreSQL 9.6 or newer) +- 1 highly available PostgreSQL server (PostgreSQL 11 or newer) - 3 Praefect nodes - 3 Gitaly nodes (1 primary, 2 secondary) @@ -82,7 +82,7 @@ package (highly recommended), follow the steps below: Before beginning, you should already have a working GitLab instance. [Learn how to install GitLab](https://about.gitlab.com/install/). -Provision a PostgreSQL server (PostgreSQL 9.6 or newer). Configuration through +Provision a PostgreSQL server (PostgreSQL 11 or newer). Configuration through the Omnibus GitLab distribution is not yet supported. Follow this [issue](https://gitlab.com/gitlab-org/gitaly/issues/2476) for updates. @@ -138,7 +138,7 @@ of GitLab and should not be replicated. To complete this section you will need: - 1 Praefect node -- 1 PostgreSQL server (PostgreSQL 9.6 or newer) +- 1 PostgreSQL server (PostgreSQL 11 or newer) - An SQL user with permissions to create databases During this section, we will configure the PostgreSQL server, from the Praefect diff --git a/doc/administration/high_availability/database.md b/doc/administration/high_availability/database.md index a8728c8ab3a..6f1873af993 100644 --- a/doc/administration/high_availability/database.md +++ b/doc/administration/high_availability/database.md @@ -969,7 +969,7 @@ repmgr['trust_auth_cidr_addresses'] = %w(192.168.1.44/32 db2.example.com) ##### MD5 Authentication If you are running on an untrusted network, repmgr can use md5 authentication -with a [`.pgpass` file](https://www.postgresql.org/docs/9.6/libpq-pgpass.html) +with a [`.pgpass` file](https://www.postgresql.org/docs/11/libpq-pgpass.html) to authenticate. You can specify by IP address, FQDN, or by subnet, using the same format as in diff --git a/doc/administration/high_availability/pgbouncer.md b/doc/administration/high_availability/pgbouncer.md index 3b56008feb7..4c672f49e26 100644 --- a/doc/administration/high_availability/pgbouncer.md +++ b/doc/administration/high_availability/pgbouncer.md @@ -215,7 +215,7 @@ To start a session, run ```shell # gitlab-ctl pgb-console Password for user pgbouncer: -psql (9.6.8, server 1.7.2/bouncer) +psql (11.7, server 1.7.2/bouncer) Type "help" for help. pgbouncer=# diff --git a/doc/administration/instance_limits.md b/doc/administration/instance_limits.md index 42d64713508..2f6598da2da 100644 --- a/doc/administration/instance_limits.md +++ b/doc/administration/instance_limits.md @@ -256,6 +256,10 @@ NOTE: **Note:** Set the limit to `0` to disable it. - [Length restrictions for file and directory names](../user/project/wiki/index.md#length-restrictions-for-file-and-directory-names). +## Snippets limits + +See the [documentation on Snippets settings](snippets/index.md). + ## Push Event Limits ### Webhooks and Project Services diff --git a/doc/administration/troubleshooting/ssl.md b/doc/administration/troubleshooting/ssl.md index f230f047ded..e6c081e1eea 100644 --- a/doc/administration/troubleshooting/ssl.md +++ b/doc/administration/troubleshooting/ssl.md @@ -46,6 +46,44 @@ After configuring a GitLab instance with an internal CA certificate, you might n If you have the problems listed above, add your certificate to `/etc/gitlab/trusted-certs` and run `sudo gitlab-ctl reconfigure`. +## X.509 key values mismatch error + +After configuring your instance with a certificate bundle, NGINX may throw the +following error: + +`SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch` + +This error means that the server certificate and key you have provided do not +match. You can confirm this by running the following command and comparing the +output: + +```shell +openssl rsa -noout -modulus -in path/to/your/.key | openssl md5 +openssl x509 -noout -modulus -in path/to/your/.crt | openssl md5 +``` + +The following is an example of an md5 output between a matching key and certificate. Note the +matching md5 hashes: + +```shell +$ openssl rsa -noout -modulus -in private.key | openssl md5 +4f49b61b25225abeb7542b29ae20e98c +$ openssl x509 -noout -modulus -in public.crt | openssl md5 +4f49b61b25225abeb7542b29ae20e98c +``` + +This is an opposing output with a non-matching key and certificate which shows different md5 hashes: + +```shell +$ openssl rsa -noout -modulus -in private.key | openssl md5 +d418865077299af27707b1d1fa83cd99 +$ openssl x509 -noout -modulus -in public.crt | openssl md5 +4f49b61b25225abeb7542b29ae20e98c +``` + +If the two outputs differ like the above example, there is a mismatch between the certificate +and key. You should contact the provider of the SSL certificate for further support. + ## Using GitLab Runner with a GitLab instance configured with internal CA certificate or self-signed certificate Besides getting the errors mentioned in diff --git a/doc/ci/docker/using_docker_images.md b/doc/ci/docker/using_docker_images.md index 2759d6de085..51139da2d16 100644 --- a/doc/ci/docker/using_docker_images.md +++ b/doc/ci/docker/using_docker_images.md @@ -209,7 +209,7 @@ default: image: ruby:2.6 services: - - postgres:9.3 + - postgres:11.7 before_script: - bundle install @@ -235,14 +235,14 @@ default: test:2.6: image: ruby:2.6 services: - - postgres:9.3 + - postgres:11.7 script: - bundle exec rake spec test:2.7: image: ruby:2.7 services: - - postgres:9.4 + - postgres:12.2 script: - bundle exec rake spec ``` @@ -257,7 +257,7 @@ default: entrypoint: ["/bin/bash"] services: - - name: my-postgres:9.4 + - name: my-postgres:11.7 alias: db-postgres entrypoint: ["/usr/local/bin/db-postgres"] command: ["start"] @@ -289,7 +289,7 @@ variables: POSTGRES_INITDB_ARGS: "--encoding=UTF8 --data-checksums" services: -- name: postgres:9.4 +- name: postgres:11.7 alias: db entrypoint: ["docker-entrypoint.sh"] command: ["postgres"] diff --git a/doc/development/documentation/styleguide.md b/doc/development/documentation/styleguide.md index ab57ff686b5..44f3a83bbcb 100644 --- a/doc/development/documentation/styleguide.md +++ b/doc/development/documentation/styleguide.md @@ -794,9 +794,11 @@ For more information, see the [confidential issue](../../user/project/issues/con ### Link to specific lines of code -When linking to specifics lines within a file, link to a commit instead of to the branch. +When linking to specific lines within a file, link to a commit instead of to the branch. Lines of code change through time, therefore, linking to a line by using the commit link -ensures the user lands on the line you're referring to. +ensures the user lands on the line you're referring to. The **Permalink** button, which is +available when viewing a file within a project, makes it easy to generate a link to the +most recent commit of the given file. - **Do:** `[link to line 3](https://gitlab.com/gitlab-org/gitlab/-/blob/11f17c56d8b7f0b752562d78a4298a3a95b5ce66/.gitlab/issue_templates/Feature%20proposal.md#L3)` - **Don't:** `[link to line 3](https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/issue_templates/Feature%20proposal.md#L3).` diff --git a/doc/development/filtering_by_label.md b/doc/development/filtering_by_label.md index 6f6d7afc040..19dece0d5c9 100644 --- a/doc/development/filtering_by_label.md +++ b/doc/development/filtering_by_label.md @@ -80,7 +80,7 @@ it did not improve query performance. ## Attempt B: Denormalize using an array column Having [removed MySQL support in GitLab 12.1](https://about.gitlab.com/blog/2019/06/27/removing-mysql-support/), -using [PostgreSQL's arrays](https://www.postgresql.org/docs/9.6/arrays.html) became more +using [PostgreSQL's arrays](https://www.postgresql.org/docs/11/arrays.html) became more tractable as we didn't have to support two databases. We discussed denormalizing the `label_links` table for querying in [issue #49651](https://gitlab.com/gitlab-org/gitlab-foss/issues/49651), @@ -91,7 +91,7 @@ and `epics`: `issues.label_ids` would be an array column of label IDs, and `issues.label_titles` would be an array of label titles. These array columns can be complemented with [GIN -indexes](https://www.postgresql.org/docs/9.6/gin-intro.html) to improve +indexes](https://www.postgresql.org/docs/11/gin-intro.html) to improve matching. ### Attempt B1: store label IDs for each object diff --git a/doc/development/geo.md b/doc/development/geo.md index b922fdfa119..bf56340f8ec 100644 --- a/doc/development/geo.md +++ b/doc/development/geo.md @@ -216,15 +216,11 @@ bundle exec rake geo:db:migrate Foreign Data Wrapper ([FDW](#fdw)) is used by the [Geo Log Cursor](#geo-log-cursor) and improves the performance of many synchronization operations. -FDW is a PostgreSQL extension ([`postgres_fdw`](https://www.postgresql.org/docs/current/postgres-fdw.html)) that is enabled within +FDW is a PostgreSQL extension ([`postgres_fdw`](https://www.postgresql.org/docs/11/postgres-fdw.html)) that is enabled within the Geo Tracking Database (on a **secondary** node), which allows it to connect to the readonly database replica and perform queries and filter data from both instances. -While FDW is available in older versions of PostgreSQL, we needed to -raise the minimum required version to 9.6 as this includes many -performance improvements to the FDW implementation. - This persistent connection is configured as an FDW server named `gitlab_secondary`. This configuration exists within the database's user context only. To access the `gitlab_secondary`, GitLab needs to use the diff --git a/doc/development/go_guide/index.md b/doc/development/go_guide/index.md index 8eb192a62cf..6eadcdb5711 100644 --- a/doc/development/go_guide/index.md +++ b/doc/development/go_guide/index.md @@ -249,6 +249,59 @@ Programs handling a lot of IO or complex operations should always include [benchmarks](https://golang.org/pkg/testing/#hdr-Benchmarks), to ensure performance consistency over time. +## Using errors + +### Adding context + +Adding context before you return the error can be helpful, instead of +just returning the error. This allows developers to understand what the +program was trying to do when it entered the error state making it much +easier to debug. + +For example: + +```go +// Wrap the error +return nil, fmt.Errorf("get cache %s: %w", f.Name, err) + +// Just add context +return nil, fmt.Errorf("saving cache %s: %v", f.Name, err) +``` + +A few things to keep in mind when adding context: + +- Decide if you want to expose the underlying error + to the caller. If so, use `%w`, if not, you can use `%v`. +- Don't use words like `failed`, `error`, `didn't`. As it's an error, + the user already knows that something failed and this might lead to + having strings like `failed xx failed xx failed xx`. Explain _what_ + failed instead. +- Error strings should not be capitalized or end with punctuation or a + newline. You can use `golint` to check for this. + +### Naming + +- When using sentinel errors they should always be named like `ErrXxx`. +- When creating a new error type they should always be named like + `XxxError`. + +### Checking Error types + +- To check error equality don't use `==`. Use + [`errors.Is`](https://pkg.go.dev/errors?tab=doc#Is) instead (for Go + versions >= 1.13). +- To check if the error is of a certain type don't use type assertion, + use [`errors.As`](https://pkg.go.dev/errors?tab=doc#As) instead (for + Go versions >= 1.13). + +### References for working with errors + +- [Go 1.13 errors](https://blog.golang.org/go1.13-errors). +- [Programing with + errors](https://peter.bourgon.org/blog/2019/09/11/programming-with-errors.html). +- [Don’t just check errors, handle them + gracefully](https://dave.cheney.net/2016/04/27/dont-just-check-errors-handle-them-gracefully). + ## CLIs Every Go program is launched from the command line. diff --git a/doc/development/namespaces_storage_statistics.md b/doc/development/namespaces_storage_statistics.md index d6b2a7460cd..3065d4f84a2 100644 --- a/doc/development/namespaces_storage_statistics.md +++ b/doc/development/namespaces_storage_statistics.md @@ -38,7 +38,7 @@ alternative method. ### Attempt A: PostgreSQL materialized view -Model can be updated through a refresh strategy based on a project routes SQL and a [materialized view](https://www.postgresql.org/docs/9.6/rules-materializedviews.html): +Model can be updated through a refresh strategy based on a project routes SQL and a [materialized view](https://www.postgresql.org/docs/11/rules-materializedviews.html): ```sql SELECT split_part("rs".path, '/', 1) as root_path, diff --git a/doc/development/verifying_database_capabilities.md b/doc/development/verifying_database_capabilities.md index a5f5661ac9b..f6c78e51299 100644 --- a/doc/development/verifying_database_capabilities.md +++ b/doc/development/verifying_database_capabilities.md @@ -12,7 +12,7 @@ To facilitate this we have the following methods that you can use: This allows you to write code such as: ```ruby -if Gitlab::Database.version.to_f >= 9.6 +if Gitlab::Database.version.to_f >= 11.7 run_really_fast_query else run_fast_query diff --git a/doc/install/requirements.md b/doc/install/requirements.md index 7a0b2056a7b..74c03c8ee4e 100644 --- a/doc/install/requirements.md +++ b/doc/install/requirements.md @@ -174,7 +174,7 @@ If you are using [GitLab Geo](../development/geo.md): - The [tracking database](../development/geo.md#using-the-tracking-database) requires the - [postgres_fdw](https://www.postgresql.org/docs/9.6/postgres-fdw.html) + [postgres_fdw](https://www.postgresql.org/docs/11/postgres-fdw.html) extension. ```sql diff --git a/doc/topics/autodevops/customize.md b/doc/topics/autodevops/customize.md index ac9b2ded720..0b312837260 100644 --- a/doc/topics/autodevops/customize.md +++ b/doc/topics/autodevops/customize.md @@ -353,7 +353,7 @@ The following table lists variables related to the database. | `POSTGRES_USER` | The PostgreSQL user. Defaults to `user`. Set it to use a custom username. | | `POSTGRES_PASSWORD` | The PostgreSQL password. Defaults to `testing-password`. Set it to use a custom password. | | `POSTGRES_DB` | The PostgreSQL database name. Defaults to the value of [`$CI_ENVIRONMENT_SLUG`](../../ci/variables/README.md#predefined-environment-variables). Set it to use a custom database name. | -| `POSTGRES_VERSION` | Tag for the [`postgres` Docker image](https://hub.docker.com/_/postgres) to use. Defaults to `9.6.2`. | +| `POSTGRES_VERSION` | Tag for the [`postgres` Docker image](https://hub.docker.com/_/postgres) to use. Defaults to `11.7`. | ### Disable jobs diff --git a/doc/topics/autodevops/stages.md b/doc/topics/autodevops/stages.md index 57fb20b67fd..3dcde4ab065 100644 --- a/doc/topics/autodevops/stages.md +++ b/doc/topics/autodevops/stages.md @@ -346,7 +346,7 @@ version of the PostgreSQL chart that supports Kubernetes 1.16 and higher: 1. Set the: - `AUTO_DEVOPS_POSTGRES_CHANNEL` variable to `2`. - - `POSTGRES_VERSION` variable to `9.6.16` or higher. + - `POSTGRES_VERSION` variable to `11.7` or higher. DANGER: **Danger:** Opting into `AUTO_DEVOPS_POSTGRES_CHANNEL` version `2` deletes the version `1` PostgreSQL database. Follow the diff --git a/doc/topics/autodevops/upgrading_postgresql.md b/doc/topics/autodevops/upgrading_postgresql.md index 2f50a897481..bee76fdf62f 100644 --- a/doc/topics/autodevops/upgrading_postgresql.md +++ b/doc/topics/autodevops/upgrading_postgresql.md @@ -173,7 +173,7 @@ TIP: **Tip:** You can also PostgreSQL. 1. Set `AUTO_DEVOPS_POSTGRES_DELETE_V1` to a non-empty value. This flag is a safeguard to prevent accidental deletion of databases. -1. Set `POSTGRES_VERSION` to `9.6.16`. This is the minimum PostgreSQL +1. Set `POSTGRES_VERSION` to `11.7`. This is the minimum PostgreSQL version supported. 1. Set `PRODUCTION_REPLICAS` to `0`. For other environments, use `REPLICAS` with an [environment scope](../../ci/environments.md#scoping-environments-with-specs). diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md index ce7b962a943..ebd89d9a017 100644 --- a/doc/user/application_security/dependency_scanning/index.md +++ b/doc/user/application_security/dependency_scanning/index.md @@ -596,6 +596,19 @@ ensure that it can reach your private repository. Here is an example configurati setuptools.ssl_support.cert_paths = ['internal.crt'] ``` +## Limitations + +### Referencing local dependencies using a path in JavaScript projects + +Although dependency scanning doesn't support it, you can reference dependencies by using a +[local path](https://docs.npmjs.com/files/package.json#local-paths) in the `package.json` for a +JavaScript project. The dependency scan generates the following error when you use +`file: ` to reference a package: + +```text +ERROR: Could not find dependencies: . You may need to run npm install +``` + ## Troubleshooting ### Error response from daemon: error processing tar file: docker-tar: relocation error diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md index 572619f7630..4544d672484 100644 --- a/doc/user/application_security/index.md +++ b/doc/user/application_security/index.md @@ -201,9 +201,19 @@ security team when a merge request would introduce one of the following security - A security vulnerability - A software license compliance violation -This threshold is defined as `high`, `critical`, or `unknown` severity. When any vulnerabilities are -present within a merge request, an approval is required from the `Vulnerability-Check` approver -group. +The security vulnerability threshold is defined as `high`, `critical`, or `unknown` severity. The +`Vulnerability-Check` approver group must approve merge requests that contain vulnerabilities. + +When GitLab can assess vulnerability severity, the rating can be one of the following: + +- `unknown` +- `low` +- `medium` +- `high` +- `critical` + +The rating `unknown` indicates that the underlying scanner doesn't contain or provide a severity +rating. ### Enabling Security Approvals within a project diff --git a/doc/user/clusters/crossplane.md b/doc/user/clusters/crossplane.md index 9a1dde52956..a9a5f768ec8 100644 --- a/doc/user/clusters/crossplane.md +++ b/doc/user/clusters/crossplane.md @@ -167,7 +167,7 @@ metadata: specTemplate: writeConnectionSecretsToNamespace: gitlab-managed-apps forProvider: - databaseVersion: POSTGRES_9_6 + databaseVersion: POSTGRES_11_7 region: $REGION settings: tier: db-custom-1-3840 @@ -189,7 +189,7 @@ metadata: specTemplate: writeConnectionSecretsToNamespace: gitlab-managed-apps forProvider: - databaseVersion: POSTGRES_9_6 + databaseVersion: POSTGRES_11_7 region: $REGION settings: tier: db-custom-1-3840 diff --git a/doc/user/snippets.md b/doc/user/snippets.md index 79d1751d13f..00014dc32ee 100644 --- a/doc/user/snippets.md +++ b/doc/user/snippets.md @@ -11,6 +11,44 @@ There are two types of snippets: - Personal snippets. - Project snippets. +## Personal snippets + +Personal snippets are not related to any project and can be created completely +independently. There are 3 visibility levels that can be set, public, internal +and private. See [Public access](../public_access/public_access.md) for more information. + +## Project snippets + +Project snippets are always related to a specific project. +See [Project features](project/index.md#project-features) for more information. + +## Create a snippet + +To create a personal snippet, click the plus icon (**{plus-square-o}**) +on the top navigation and select **New snippet** from the dropdown menu: + +![New personal snippet from non-project pages](img/new_personal_snippet_v12_10.png) + +If you're on a project's page but you want to create a new personal snippet, +click the plus icon (**{plus-square-o}**) and select **New snippet** from the +lower part of the dropdown (**GitLab** on GitLab.com; **Your Instance** on +self-managed instances): + +![New personal snippet from project pages](img/new_personal_snippet_from_project_v12_10.png) + +To create a project snippet, navigate to your project's page and click the +plus icon (**{plus-square-o}**), then select **New snippet** from the upper +part of the dropdown (**This project**). + +![New personal snippet from project pages](img/new_project_snippet_from_project_v12_10.png) + +From there, add the **Title**, **Description**, and a **File** name with the +appropriate extension (for example, `example.rb`, `index.html`). + +CAUTION: **Warning:** +Make sure to add the file name to get code highlighting and to avoid this +[copy-pasting bug](https://gitlab.com/gitlab-org/gitlab/-/issues/22870). + ## Versioned Snippets > [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/239) in GitLab 13.0. @@ -61,7 +99,7 @@ master branch. ### Limitations - Binary files are not supported. -- Creating or deleting branches is not supported. Only a default *master* +- Creating or deleting branches is not supported. Only a default *master*. branch is used. - Git tags are not supported in snippet repositories. - Snippets' repositories are limited to one file. Attempting to push more @@ -70,45 +108,7 @@ than one file will result in an error. it's planned to be added in future iterations. See the [revisions tab issue](https://gitlab.com/gitlab-org/gitlab/-/issues/39271) for updates. - The [maximum size for a snippet](../administration/snippets/index.md#snippets-content-size-limit) -is 50MB, by default. - -## Personal snippets - -Personal snippets are not related to any project and can be created completely -independently. There are 3 visibility levels that can be set, public, internal -and private. See [Public access](../public_access/public_access.md) for more information. - -## Project snippets - -Project snippets are always related to a specific project. -See [Project features](project/index.md#project-features) for more information. - -## Create a snippet - -To create a personal snippet, click the plus icon (**{plus-square-o}**) -on the top navigation and select **New snippet** from the dropdown menu: - -![New personal snippet from non-project pages](img/new_personal_snippet_v12_10.png) - -If you're on a project's page but you want to create a new personal snippet, -click the plus icon (**{plus-square-o}**) and select **New snippet** from the -lower part of the dropdown (**GitLab** on GitLab.com; **Your Instance** on -self-managed instances): - -![New personal snippet from project pages](img/new_personal_snippet_from_project_v12_10.png) - -To create a project snippet, navigate to your project's page and click the -plus icon (**{plus-square-o}**), then select **New snippet** from the upper -part of the dropdown (**This project**). - -![New personal snippet from project pages](img/new_project_snippet_from_project_v12_10.png) - -From there, add the **Title**, **Description**, and a **File** name with the -appropriate extension (for example, `example.rb`, `index.html`). - -CAUTION: **Warning:** -Make sure to add the file name to get code highlighting and to avoid this -[copy-pasting bug](https://gitlab.com/gitlab-org/gitlab/-/issues/22870). +is 50 MB, by default. ## Discover snippets -- cgit v1.2.3