Commit d47f9d23 authored by 🤖 GitLab Bot 🤖's avatar 🤖 GitLab Bot 🤖

Add latest changes from gitlab-org/gitlab@master

parent c158fa8d
Pipeline #109944395 failed with stages
in 41 minutes and 49 seconds
......@@ -36,6 +36,8 @@ class GroupMembersFinder < UnionFinder
relations << descendant_members
end
return GroupMember.none if relations.empty?
members = find_union(relations, GroupMember)
filter_members(members, params)
end
......
......@@ -5,7 +5,7 @@
class Epic < ApplicationRecord
include IgnorableColumns
ignore_column :milestone_id, remove_after: '2019-12-15', remove_with: '12.7'
ignore_column :milestone_id, remove_after: '2020-02-01', remove_with: '12.8'
def self.link_reference_pattern
nil
......
......@@ -1325,7 +1325,7 @@ class Project < ApplicationRecord
end
def has_active_hooks?(hooks_scope = :push_hooks)
hooks.hooks_for(hooks_scope).any? || SystemHook.hooks_for(hooks_scope).any? || Gitlab::Plugin.any?
hooks.hooks_for(hooks_scope).any? || SystemHook.hooks_for(hooks_scope).any? || Gitlab::FileHook.any?
end
def has_active_services?(hooks_scope = :push_hooks)
......
......@@ -14,8 +14,12 @@ class Snippet < ApplicationRecord
include Editable
include Gitlab::SQL::Pattern
include FromUnion
include IgnorableColumns
extend ::Gitlab::Utils::Override
ignore_column :storage_version, remove_with: '12.9', remove_after: '2020-03-22'
cache_markdown_field :title, pipeline: :single_line
cache_markdown_field :description
cache_markdown_field :content
......
......@@ -14,7 +14,7 @@ class SystemHooksService
hook.async_execute(data, 'system_hooks')
end
Gitlab::Plugin.execute_all_async(data)
Gitlab::FileHook.execute_all_async(data)
end
private
......
......@@ -11,4 +11,4 @@
= render 'shared/web_hooks/index', hooks: @hooks, hook_class: @hook.class
= render 'shared/plugins/index'
= render 'shared/file_hooks/index'
- plugins = Gitlab::Plugin.files
- file_hooks = Gitlab::FileHook.files
.row.prepend-top-default
.col-lg-4
%h4.prepend-top-0
Plugins
= _('File Hooks')
%p
#{link_to 'Plugins', help_page_path('administration/plugins')} are similar to
system hooks but are executed as files instead of sending data to a URL.
= _('File hooks are similar to system hooks but are executed as files instead of sending data to a URL.')
= link_to _('For more information, see the File Hooks documentation.'), help_page_path('administration/file_hooks')
.col-lg-8.append-bottom-default
- if plugins.any?
- if file_hooks.any?
.card
.card-header
Plugins (#{plugins.count})
= _('File Hooks (%{count})') % { count: file_hooks.count }
%ul.content-list
- plugins.each do |file|
- file_hooks.each do |file|
%li
.monospace
= File.basename(file)
- else
.card.bg-light.text-center
.nothing-here-block No plugins found.
.nothing-here-block= _('No file hooks found.')
......@@ -158,7 +158,7 @@
- pages
- pages_domain_verification
- pages_domain_ssl_renewal
- plugin
- file_hook
- post_receive
- process_commit
- project_cache
......
# frozen_string_literal: true
class PluginWorker
class FileHookWorker
include ApplicationWorker
sidekiq_options retry: false
feature_category :integrations
def perform(file_name, data)
success, message = Gitlab::Plugin.execute(file_name, data)
success, message = Gitlab::FileHook.execute(file_name, data)
unless success
Gitlab::PluginLogger.error("Plugin Error => #{file_name}: #{message}")
Gitlab::FileHookLogger.error("File Hook Error => #{file_name}: #{message}")
end
true
......
---
title: 'Resolve Design View: Left/Right keyboard arrows through Designs'
merge_request: 22870
author:
type: added
---
title: Add returning relation from GroupMembersFinder if called on root group with
only inherited param
merge_request: 23161
author:
type: fixed
---
title: Allow Unicode 11 emojis in project names
merge_request: 22776
author: Harm Berntsen
type: changed
---
title: Added Conan installation instructions to Conan package details page
merge_request: 22390
author:
type: added
---
title: Rename GitLab Plugins feature to GitLab File Hooks
merge_request: 22979
author:
type: changed
---
title: Remove storage_version column from snippets
merge_request: 23004
author:
type: changed
---
title: Remove milestone_id from epics
merge_request: 20539
author: Lee Tickett
type: other
......@@ -76,7 +76,7 @@
- [pages_domain_ssl_renewal, 1]
- [object_storage_upload, 1]
- [object_storage, 1]
- [plugin, 1]
- [file_hook, 1]
- [pipeline_background, 1]
- [repository_update_remote_mirror, 1]
- [repository_remove_remote, 1]
......
# frozen_string_literal: true
class RemoveMilestoneIdFromEpics < ActiveRecord::Migration[5.2]
DOWNTIME = false
def up
remove_column :epics, :milestone_id
end
def down
add_column :epics, :milestone_id, :integer
end
end
# frozen_string_literal: true
class RemoveStorageVersionColumnFromSnippets < ActiveRecord::Migration[5.2]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
disable_ddl_transaction!
def up
return unless column_exists?(:snippets, :storage_version)
remove_column :snippets, :storage_version
end
def down
add_column_with_default( # rubocop:disable Migration/AddColumnWithDefault
:snippets,
:storage_version,
:integer,
default: 2,
allow_null: false
)
end
end
......@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 2020_01_14_180546) do
ActiveRecord::Schema.define(version: 2020_01_14_113341) do
# These are extensions that must be enabled in order to support this database
enable_extension "pg_trgm"
......@@ -1538,7 +1538,6 @@ ActiveRecord::Schema.define(version: 2020_01_14_180546) do
end
create_table "epics", id: :serial, force: :cascade do |t|
t.integer "milestone_id"
t.integer "group_id", null: false
t.integer "author_id", null: false
t.integer "assignee_id"
......@@ -1577,7 +1576,6 @@ ActiveRecord::Schema.define(version: 2020_01_14_180546) do
t.index ["end_date"], name: "index_epics_on_end_date"
t.index ["group_id"], name: "index_epics_on_group_id"
t.index ["iid"], name: "index_epics_on_iid"
t.index ["milestone_id"], name: "index_milestone"
t.index ["parent_id"], name: "index_epics_on_parent_id"
t.index ["start_date"], name: "index_epics_on_start_date"
t.index ["start_date_sourcing_epic_id"], name: "index_epics_on_start_date_sourcing_epic_id", where: "(start_date_sourcing_epic_id IS NOT NULL)"
......@@ -3838,6 +3836,7 @@ ActiveRecord::Schema.define(version: 2020_01_14_180546) do
t.string "encrypted_secret_token_iv", limit: 255
t.boolean "secret", default: false, null: false
t.string "repository_storage", limit: 255, default: "default", null: false
t.integer "storage_version", default: 2, null: false
t.index ["author_id"], name: "index_snippets_on_author_id"
t.index ["content"], name: "index_snippets_on_content_trigram", opclass: :gin_trgm_ops, using: :gin
t.index ["created_at"], name: "index_snippets_on_created_at"
......@@ -4590,7 +4589,6 @@ ActiveRecord::Schema.define(version: 2020_01_14_180546) do
add_foreign_key "epics", "epics", column: "start_date_sourcing_epic_id", name: "fk_9d480c64b2", on_delete: :nullify
add_foreign_key "epics", "milestones", column: "due_date_sourcing_milestone_id", name: "fk_3c1fd1cccc", on_delete: :nullify
add_foreign_key "epics", "milestones", column: "start_date_sourcing_milestone_id", name: "fk_1fbed67632", on_delete: :nullify
add_foreign_key "epics", "milestones", on_delete: :nullify
add_foreign_key "epics", "namespaces", column: "group_id", name: "fk_f081aa4489", on_delete: :cascade
add_foreign_key "epics", "users", column: "assignee_id", name: "fk_dccd3f98fc", on_delete: :nullify
add_foreign_key "epics", "users", column: "author_id", name: "fk_3654b61b03", on_delete: :cascade
......
......@@ -107,7 +107,7 @@ recorded:
- Started/stopped user impersonation
It is possible to filter particular actions by choosing an audit data type from
the filter drop-down. You can further filter by specific group, project or user
the filter dropdown box. You can further filter by specific group, project or user
(for authentication events).
![audit log](img/audit_log.png)
......
# File hooks
> Introduced in GitLab 10.6.
> Until 12.8 the feature name was Plugins.
With custom file hooks, GitLab administrators can introduce custom integrations
without modifying GitLab's source code.
NOTE: **Note:**
Instead of writing and supporting your own file hook you can make changes
directly to the GitLab source code and contribute back upstream. This way we can
ensure functionality is preserved across versions and covered by tests.
NOTE: **Note:**
File hooks must be configured on the filesystem of the GitLab server. Only GitLab
server administrators will be able to complete these tasks. Explore
[system hooks] or [webhooks] as an option if you do not have filesystem access.
A file hook will run on each event so it's up to you to filter events or projects
within a file hook code. You can have as many file hooks as you want. Each file hook will
be triggered by GitLab asynchronously in case of an event. For a list of events
see the [system hooks] documentation.
## Setup
The file hooks must be placed directly into the `plugins` directory, subdirectories
will be ignored. There is an
[`example` directory inside `plugins`](https://gitlab.com/gitlab-org/gitlab/tree/master/plugins/examples)
where you can find some basic examples.
Follow the steps below to set up a custom hook:
1. On the GitLab server, navigate to the plugin directory.
For an installation from source the path is usually
`/home/git/gitlab/plugins/`. For Omnibus installs the path is
usually `/opt/gitlab/embedded/service/gitlab-rails/plugins`.
For [highly available] configurations, your hook file should exist on each
application server.
1. Inside the `plugins` directory, create a file with a name of your choice,
without spaces or special characters.
1. Make the hook file executable and make sure it's owned by the Git user.
1. Write the code to make the file hook function as expected. That can be
in any language, and ensure the 'shebang' at the top properly reflects the
language type. For example, if the script is in Ruby the shebang will
probably be `#!/usr/bin/env ruby`.
1. The data to the file hook will be provided as JSON on STDIN. It will be exactly
same as for [system hooks]
That's it! Assuming the file hook code is properly implemented, the hook will fire
as appropriate. The file hooks file list is updated for each event, there is no
need to restart GitLab to apply a new file hook.
If a file hook executes with non-zero exit code or GitLab fails to execute it, a
message will be logged to:
- `gitlab-rails/plugin.log` in an Omnibus installation.
- `log/plugin.log` in a source installation.
## Creating file hooks
Below is an example that will only response on the event `project_create` and
will inform the admins from the GitLab instance that a new project has been created.
```ruby
# By using the embedded ruby version we eliminate the possibility that our chosen language
# would be unavailable from
#!/opt/gitlab/embedded/bin/ruby
require 'json'
require 'mail'
# The incoming variables are in JSON format so we need to parse it first.
ARGS = JSON.parse(STDIN.read)
# We only want to trigger this file hook on the event project_create
return unless ARGS['event_name'] == 'project_create'
# We will inform our admins of our gitlab instance that a new project is created
Mail.deliver do
from 'info@gitlab_instance.com'
to 'admin@gitlab_instance.com'
subject "new project " + ARGS['name']
body ARGS['owner_name'] + 'created project ' + ARGS['name']
end
```
## Validation
Writing your own file hook can be tricky and it's easier if you can check it
without altering the system. A rake task is provided so that you can use it
in a staging environment to test your file hook before using it in production.
The rake task will use a sample data and execute each of file hook. The output
should be enough to determine if the system sees your file hook and if it was
executed without errors.
```bash
# Omnibus installations
sudo gitlab-rake file_hooks:validate
# Installations from source
cd /home/git/gitlab
bundle exec rake file_hooks:validate RAILS_ENV=production
```
Example of output:
```
Validating file hooks from /plugins directory
* /home/git/gitlab/plugins/save_to_file.clj succeed (zero exit code)
* /home/git/gitlab/plugins/save_to_file.rb failure (non-zero exit code)
```
[system hooks]: ../system_hooks/system_hooks.md
[webhooks]: ../user/project/integrations/webhooks.md
[highly available]: ./high_availability/README.md
......@@ -245,7 +245,7 @@ To add a Prometheus dashboard for a single server GitLab setup:
1. Create a new data source in Grafana.
1. Name your data source i.e GitLab.
1. Select `Prometheus` in the type drop down.
1. Select `Prometheus` in the type dropdown box.
1. Add your Prometheus listen address as the URL and set access to `Browser`.
1. Set the HTTP method to `GET`.
1. Save & Test your configuration to verify that it works.
......
# GitLab Plugin system
---
redirect_to: 'file_hooks.md'
---
> Introduced in GitLab 10.6.
With custom plugins, GitLab administrators can introduce custom integrations
without modifying GitLab's source code.
NOTE: **Note:**
Instead of writing and supporting your own plugin you can make changes
directly to the GitLab source code and contribute back upstream. This way we can
ensure functionality is preserved across versions and covered by tests.
NOTE: **Note:**
Plugins must be configured on the filesystem of the GitLab server. Only GitLab
server administrators will be able to complete these tasks. Explore
[system hooks] or [webhooks] as an option if you do not have filesystem access.
A plugin will run on each event so it's up to you to filter events or projects
within a plugin code. You can have as many plugins as you want. Each plugin will
be triggered by GitLab asynchronously in case of an event. For a list of events
see the [system hooks] documentation.
## Setup
The plugins must be placed directly into the `plugins` directory, subdirectories
will be ignored. There is an
[`example` directory inside `plugins`](https://gitlab.com/gitlab-org/gitlab/tree/master/plugins/examples)
where you can find some basic examples.
Follow the steps below to set up a custom hook:
1. On the GitLab server, navigate to the plugin directory.
For an installation from source the path is usually
`/home/git/gitlab/plugins/`. For Omnibus installs the path is
usually `/opt/gitlab/embedded/service/gitlab-rails/plugins`.
For [highly available] configurations, your hook file should exist on each
application server.
1. Inside the `plugins` directory, create a file with a name of your choice,
without spaces or special characters.
1. Make the hook file executable and make sure it's owned by the Git user.
1. Write the code to make the plugin function as expected. That can be
in any language, and ensure the 'shebang' at the top properly reflects the
language type. For example, if the script is in Ruby the shebang will
probably be `#!/usr/bin/env ruby`.
1. The data to the plugin will be provided as JSON on STDIN. It will be exactly
same as for [system hooks]
That's it! Assuming the plugin code is properly implemented, the hook will fire
as appropriate. The plugins file list is updated for each event, there is no
need to restart GitLab to apply a new plugin.
If a plugin executes with non-zero exit code or GitLab fails to execute it, a
message will be logged to:
- `gitlab-rails/plugin.log` in an Omnibus installation.
- `log/plugin.log` in a source installation.
## Creating plugins
Below is an example that will only response on the event `project_create` and
will inform the admins from the GitLab instance that a new project has been created.
```ruby
# By using the embedded ruby version we eliminate the possibility that our chosen language
# would be unavailable from
#!/opt/gitlab/embedded/bin/ruby
require 'json'
require 'mail'
# The incoming variables are in JSON format so we need to parse it first.
ARGS = JSON.parse(STDIN.read)
# We only want to trigger this plugin on the event project_create
return unless ARGS['event_name'] == 'project_create'
# We will inform our admins of our gitlab instance that a new project is created
Mail.deliver do
from 'info@gitlab_instance.com'
to 'admin@gitlab_instance.com'
subject "new project " + ARGS['name']
body ARGS['owner_name'] + 'created project ' + ARGS['name']
end
```
## Validation
Writing your own plugin can be tricky and it's easier if you can check it
without altering the system. A rake task is provided so that you can use it
in a staging environment to test your plugin before using it in production.
The rake task will use a sample data and execute each of plugin. The output
should be enough to determine if the system sees your plugin and if it was
executed without errors.
```bash
# Omnibus installations
sudo gitlab-rake plugins:validate
# Installations from source
cd /home/git/gitlab
bundle exec rake plugins:validate RAILS_ENV=production
```
Example of output:
```
Validating plugins from /plugins directory
* /home/git/gitlab/plugins/save_to_file.clj succeed (zero exit code)
* /home/git/gitlab/plugins/save_to_file.rb failure (non-zero exit code)
```
[system hooks]: ../system_hooks/system_hooks.md
[webhooks]: ../user/project/integrations/webhooks.md
[highly available]: ./high_availability/README.md
This document was moved to [File Hooks](file_hooks.md), after the Plugins feature was renamed to File Hooks.
......@@ -44,7 +44,7 @@ To enable or disable GitLab CI/CD Pipelines in your project:
- **Private**: Only project members can access pipelines.
- **Internal** or **Public**: Pipelines can be set to either **Only Project Members**
or **Everyone With Access** via the drop-down box.
or **Everyone With Access** via the dropdown box.
Press **Save changes** for the settings to take effect.
......
......@@ -244,7 +244,7 @@ Once the database is created, connect to your new RDS instance to verify access
and to install a required extension.
You can find the host or endpoint by selecting the instance you just created and
after the details drop down you'll find it labeled as 'Endpoint'. Do not to
after the details dropdown menu you'll find it labeled as 'Endpoint'. Do not to
include the colon and port number:
```sh
......
......@@ -226,7 +226,7 @@ connections:
![Azure - Add inbound security rules - HTTP](img/azure-add-inbound-sec-rule-http.png)
1. Enter **"HTTP"** in the `Name` field
1. Select **HTTP** from the options in the `Service` drop-down
1. Select **HTTP** from the options in the `Service` dropdown list
1. Make sure the `Action` is set to **Allow**
1. Click **"OK"**
......@@ -238,7 +238,7 @@ accept [SSH] connections:
![Azure - Add inbound security rules - SSH](img/azure-add-inbound-sec-rule-ssh.png)
1. Enter **"SSH"** in the `Name` field
1. Select **SSH** from the options in the `Service` drop-down
1. Select **SSH** from the options in the `Service` dropdown list
1. Make sure the `Action` is set to **Allow**
1. Click **"OK"**
......
......@@ -269,6 +269,15 @@ it highlighted:
}
],
"remediations": [
{
"fixes": [
{
"cve": "debian:9:apt:CVE-2019-3462"
}
],
"summary": "Upgrade apt from 1.4.8 to 1.4.9",
"diff": "YXB0LWdldCB1cGRhdGUgJiYgYXB0LWdldCB1cGdyYWRlIC15IGFwdA=="
}
]
}
```
......@@ -305,7 +314,11 @@ the report JSON unless stated otherwise. Presence of optional fields depends on
| `vulnerabilities[].links` | An array of references to external documentation pieces or articles that describe the vulnerability further. Optional. |
| `vulnerabilities[].links[].name` | Name of the vulnerability details link. Optional. |
| `vulnerabilities[].links[].url` | URL of the vulnerability details document. Optional. |
| `remediations` | Not supported yet. |
| `remediations` | An array of objects containing information on cured vulnerabilities along with patch diffs to apply. Empty if no remediations provided by an underlying analyzer. |
| `remediations[].fixes` | An array of strings that represent references to vulnerabilities fixed by this particular remediation. |
| `remediations[].fixes[].cve` | A string value that describes a fixed vulnerability occurrence in the same format as `vulnerabilities[].cve`. |
| `remediations[].summary` | Overview of how the vulnerabilities have been fixed. |
| `remediations[].diff` | base64-encoded remediation code diff, compatible with [`git apply`](https://git-scm.com/docs/git-format-patch#_discussion). |
## Troubleshooting
......
......@@ -71,6 +71,8 @@ Designs cannot be added if the issue has been moved, or its
## Viewing designs
Images on the Design Management page can be enlarged by clicking on them.
You can navigate through designs by clicking on the navigation buttons on the
top-right corner or with <kbd>Left</kbd>/<kbd>Right</kbd> keyboard buttons.
The number of comments on a design — if any — is listed to the right
of the design filename. Clicking on this number enlarges the design
......
......@@ -9,8 +9,7 @@ module Gitlab
include SelfMonitoring::Helpers
steps :validate_self_monitoring_project_exists,
:destroy_project_owner,
:delete_project_id
:destroy_project
def initialize
super(nil)
......@@ -30,29 +29,16 @@ module Gitlab
success(result)
end
def destroy_project_owner(result)
def destroy_project(result)
return success(result) unless project_created?
if self_monitoring_project.owner.destroy
if self_monitoring_project.destroy
success(result)
else
log_error(self_monitoring_project.errors.full_messages)
error(_('Error deleting project. Check logs for error details.'))
end
end
def delete_project_id(result)
update_result = application_settings.update(
instance_administration_project_id: nil
)
if update_result
success(result)
else
log_error("Could not delete self monitoring project ID, errors: %{errors}" % { errors: application_settings.errors.full_messages })
error(_('Could not delete project ID'))
end
end
end
end
end
......
# frozen_string_literal: true
module Gitlab
module Plugin
module FileHook
def self.any?
plugin_glob.any? { |entry| File.file?(entry) }
end
......@@ -17,7 +17,7 @@ module Gitlab
def self.execute_all_async(data)
args = files.map { |file| [file, data] }
PluginWorker.bulk_perform_async(args)
FileHookWorker.bulk_perform_async(args)
end
def self.execute(file, data)
......
# frozen_string_literal: true
module Gitlab
class PluginLogger < Gitlab::Logger
class FileHookLogger < Gitlab::Logger
def self.file_name_noext
'plugin'
end
......
......@@ -5,7 +5,7 @@ module Gitlab
extend self
def project_name_regex
@project_name_regex ||= /\A[\p{Alnum}\u{00A9}-\u{1f9c0}_][\p{Alnum}\p{Pd}\u{00A9}-\u{1f9c0}_\. ]*\z/.freeze
@project_name_regex ||= /\A[\p{Alnum}\u{00A9}-\u{1f9ff}_][\p{Alnum}\p{Pd}\u{00A9}-\u{1f9ff}_\. ]*\z/.freeze
end
def project_name_regex_message
......
namespace :plugins do
namespace :file_hooks do
desc 'Validate existing plugins'
task validate: :environment do
puts 'Validating plugins from /plugins directory'
puts 'Validating file hooks from /plugins directory'
Gitlab::Plugin.files.each do |file|
success, message = Gitlab::Plugin.execute(file, Gitlab::DataBuilder::Push::SAMPLE_DATA)
Gitlab::FileHook.files.each do |file|
success, message = Gitlab::FileHook.execute(file, Gitlab::DataBuilder::Push::SAMPLE_DATA)
if success
puts "* #{file} succeed (zero exit code)."
......
......@@ -5187,9 +5187,6 @@ msgstr ""
msgid "Could not delete chat nickname %{chat_name}."
msgstr ""
msgid "Could not delete project ID"
msgstr ""
msgid "Could not fetch projects"
msgstr ""
......@@ -7992,6 +7989,12 @@ msgstr ""
msgid "Fetching licenses failed. You are not permitted to perform this action."
msgstr ""
msgid "File Hooks"
msgstr ""
msgid "File Hooks (%{count})"
msgstr ""
msgid "File added"
msgstr ""
......@@ -8001,6 +8004,9 @@ msgstr ""
msgid "File deleted"
msgstr ""