Commit 8cb64cea authored by 🤖 GitLab Bot 🤖's avatar 🤖 GitLab Bot 🤖

Automatic merge of gitlab-org/gitlab master

parents b5b9b0a8 4308bf66
Showing
with 132 additions and 97 deletions
......@@ -134,8 +134,16 @@ export default {
</div>
</template>
<template #left-secondary>
<div v-if="!errorStatusRow" class="gl-display-flex" data-testid="left-secondary-infos">
<span>{{ packageEntity.version }}</span>
<div
v-if="!errorStatusRow"
class="gl-display-flex gl-align-items-center"
data-testid="left-secondary-infos"
>
<gl-truncate
class="gl-max-w-15 gl-md-max-w-26"
:text="packageEntity.version"
:with-tooltip="true"
/>
<div v-if="pipelineUser" class="gl-display-none gl-sm-display-flex gl-ml-2">
<gl-sprintf :message="s__('PackageRegistry|published by %{author}')">
......
......@@ -36,7 +36,7 @@ export default () => {
const attachMainComponent = () =>
new Vue({
el,
name: 'PackageRegistery',
name: 'PackageRegistry',
router,
apolloProvider,
provide: {
......
......@@ -126,10 +126,9 @@ export default {
<slot name="right-action"></slot>
</div>
</div>
<div class="gl-display-flex">
<div v-if="isDetailsShown" class="gl-display-flex">
<div class="gl-w-7"></div>
<div
v-if="isDetailsShown"
class="gl-display-flex gl-flex-direction-column gl-flex-grow-1 gl-bg-gray-10 gl-rounded-base gl-inset-border-1-gray-100 gl-mb-3"
>
<div
......
......@@ -27,6 +27,16 @@ $border-radius-medium: 3px;
}
}
.search-max-w-inherit {
max-width: inherit;
}
.search-wrap-f-md-down {
@include gl-media-breakpoint-down(md) {
white-space: normal !important;
}
}
.search {
margin: 0 8px;
......
......@@ -63,10 +63,13 @@ def self.safe_create_for_namespace(group_or_project_namespace)
group = group_or_project_namespace.is_a?(Group) ? group_or_project_namespace : group_or_project_namespace.parent
top_level_group = group.root_ancestor
aggregation = find_by(group_id: top_level_group.id)
return aggregation if aggregation.present?
return aggregation if aggregation&.enabled?
insert({ group_id: top_level_group.id }, unique_by: :group_id)
find_by(group_id: top_level_group.id)
# At this point we're sure that the group is licensed, we can always enable the aggregation.
# This re-enables the aggregation in case the group downgraded and later upgraded the license.
upsert({ group_id: top_level_group.id, enabled: true })
find(top_level_group.id)
end
private
......
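Review bot: The switch from `find_by(group_id: top_level_group.id)` to `find(top_level_group.id)` and the dropped `unique_by: :group_id` on the `upsert` both only behave correctly if this model's primary key is `group_id`; that is not visible in the hunk, so confirm it (e.g. `self.primary_key = :group_id`) or keep the explicit forms `upsert({ group_id: top_level_group.id, enabled: true }, unique_by: :group_id)` and `find_by!(group_id: top_level_group.id)`. Separately, the new comment asserts the group is licensed, but nothing in the method enforces that, and the method now re-enables a previously disabled aggregation as a side effect, so any caller that reaches it for an unlicensed group silently turns the feature back on; either add a guard here or state the precondition in the method documentation, e.g. `# Precondition: callers must have verified the top-level group is licensed; this re-enables a disabled aggregation.` The method `safe_create_for_namespace` begins before the hunk and the class body continues after it.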
.search-results-status
.gl-display-flex.gl-flex-direction-column
.gl-p-5.gl-display-flex
.gl-md-display-flex.gl-text-left.gl-align-items-center.gl-flex-grow-1
.gl-p-5.gl-display-flex.gl-max-w-full.gl-sm-flex-direction-column
.gl-md-display-flex.gl-text-left.gl-align-items-center.gl-flex-grow-1.gl-text-truncate
- unless @search_service_presenter.without_count?
= search_entries_info(@search_objects, @scope, @search_term)
- unless @search_service_presenter.show_snippets?
- if @project
- link_to_project = link_to(@project.full_name, @project, class: 'ml-md-1')
- link_to_project = link_to(@project.full_name, @project, class: 'ml-md-1 gl-text-truncate search-wrap-f-md-down')
- if @scope == 'blobs'
= _("in")
.mx-md-1
......
......@@ -3,11 +3,11 @@
- noteable_identifier = note.noteable.try(:iid) || note.noteable.try(:id)
.search-result-row
%h5.note-search-caption.str-truncated
= sprite_icon('comment', css_class: 'gl-vertical-align-text-bottom')
= link_to_member(project, note.author, avatar: false)
- link_to_project = link_to(project.full_name, project)
= _("commented on %{link_to_project}").html_safe % { link_to_project: link_to_project }
%h5.note-search-caption.gl-max-w-full
%span.gl-display-inline-block.gl-text-truncate.search-max-w-inherit.gl-vertical-align-bottom
= sprite_icon('comment', css_class: 'gl-vertical-align-text-bottom')
= link_to_member(project, note.author, avatar: false)
= _("commented on %{link_to_project}").html_safe % { link_to_project: link_to(project.full_name, project) }
&middot;
- if note.for_commit?
......
......@@ -148,7 +148,7 @@ POST /projects/:id/feature_flags
| `description` | string | no | The description of the feature flag. |
| `active` | boolean | no | The active state of the flag. Defaults to true. [Supported](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38350) in GitLab 13.3 and later. |
| `strategies` | JSON | no | The feature flag [strategies](../operations/feature_flags.md#feature-flag-strategies). |
| `strategies:name` | JSON | no | The strategy name. Can be `default`, `gradualRolloutUserId`, `userWithId`, or `gitlabUserList`. In [GitLab 13.5](https://gitlab.com/gitlab-org/gitlab/-/issues/36380) and later, can be [`flexibleRollout`](https://docs.getunleash.io/user_guide/activation_strategy#gradual-rollout). |
| `strategies:name` | JSON | no | The strategy name. Can be `default`, `gradualRolloutUserId`, `userWithId`, or `gitlabUserList`. In [GitLab 13.5](https://gitlab.com/gitlab-org/gitlab/-/issues/36380) and later, can be [`flexibleRollout`](https://docs.getunleash.io/user_guide/activation_strategy/#gradual-rollout). |
| `strategies:parameters` | JSON | no | The strategy parameters. |
| `strategies:scopes` | JSON | no | The scopes for the strategy. |
| `strategies:scopes:environment_scope` | string | no | The environment scope of the scope. |
......
......@@ -8,7 +8,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/98354) in GitLab 15.5.
GitLab provides an SCIM API that both implements [the RFC7644 protocol](https://tools.ietf.org/html/rfc7644)
GitLab provides an SCIM API that both implements [the RFC7644 protocol](https://www.rfc-editor.org/rfc/rfc7644)
and provides the `/Users` endpoint. The base URL is `/api/scim/v2/groups/:group_path/Users/`.
To use this API, [Group SSO](../user/group/saml_sso/index.md) must be enabled for the group.
......
......@@ -96,7 +96,7 @@ mysec_sast:
sast: gl-sast-report.json
```
Note that `gl-sast-report.json` is an example file path but any other filename can be used. See
`gl-sast-report.json` is an example file path but any other filename can be used. See
[the Output file section](#output-file) for more details. It's processed as a SAST report because
it's declared under the `reports:sast` key in the job definition, not because of the filename.
......@@ -150,7 +150,7 @@ regardless of the individual machine the scanner runs on.
Depending on the CI infrastructure,
the CI may have to fetch the Docker image every time the job runs.
For the scanning job to run fast and avoid wasting bandwidth, Docker images should be as small as
possible. You should aim for 50MB or smaller. If that isn't possible, try to keep it below 1.46 GB,
possible. You should aim for 50 MB or smaller. If that isn't possible, try to keep it below 1.46 GB,
which is the size of a DVD-ROM.
If the scanner requires a fully functional Linux environment,
......@@ -199,7 +199,7 @@ SAST and Dependency Scanning scanners must scan the files in the project directo
#### Container Scanning
In order to be consistent with the official Container Scanning for GitLab,
To be consistent with the official Container Scanning for GitLab,
scanners must scan the Docker image whose name and tag are given by
`CI_APPLICATION_REPOSITORY` and `CI_APPLICATION_TAG`, respectively. If the `DOCKER_IMAGE`
CI/CD variable is provided, then the `CI_APPLICATION_REPOSITORY` and `CI_APPLICATION_TAG` variables
......@@ -225,7 +225,7 @@ If you use the `CIS_KUBECONFIG` CI/CD variable, then the
the `CIS_KUBECONFIG` CI/CD variable, the value defaults to the value of
`$KUBECONFIG`. `$KUBECONFIG` is a predefined CI/CD variable configured when the project is assigned to a
Kubernetes cluster. When multiple contexts are provided in the `KUBECONFIG` variable, the context
selected as `current-context` will be used to fetch vulnerabilities.
selected as `current-context` is used to fetch vulnerabilities.
#### Configuration files
......@@ -440,7 +440,7 @@ Even when the [`Vulnerabilities`](#vulnerabilities) array for a given scan may b
should contain the complete list of potential identifiers to inform the Rails application of which
rules were executed.
When populated, the Rails application will automatically resolve previously detected vulnerabilities as no
When populated, the Rails application automatically resolves previously detected vulnerabilities as no
longer relevant when their primary identifier is not included.
##### Name, message, and description
......@@ -526,7 +526,7 @@ Not all vulnerabilities have CVEs, and a CVE can be identified multiple times. A
isn't a stable identifier and you shouldn't assume it as such when tracking vulnerabilities.
The maximum number of identifiers for a vulnerability is set as 20. If a vulnerability has more than 20 identifiers,
the system saves only the first 20 of them. Note that vulnerabilities in the [Pipeline Security](../../user/application_security/vulnerability_report/pipeline.md#view-vulnerabilities-in-a-pipeline)
the system saves only the first 20 of them. The vulnerabilities in the [Pipeline Security](../../user/application_security/vulnerability_report/pipeline.md#view-vulnerabilities-in-a-pipeline)
tab do not enforce this limit and all identifiers present in the report artifact are displayed.
#### Details
......
......@@ -237,3 +237,14 @@ actions:
- scan: secret_detection
- scan: container_scanning
```
## Avoiding duplicate scans
Scan execution policies can cause the same type of scanner to run more than once if developers include scan jobs in the project's
`.gitlab-ci.yml` file. This behavior is intentional as scanners can run more than once with different variables and settings. For example, a
developer may want to try running a SAST scan with different variables than the one enforced by the security and compliance team. In
this case, two SAST jobs run in the pipeline, one with the developer's variables and one with the security and compliance team's variables.
If you want to avoid running duplicate scans, you can either remove the scans from the project's `.gitlab-ci.yml` file or disable your
local jobs by setting `SAST_DISABLED: true`. Disabling jobs this way does not prevent the security jobs defined by scan execution
policies from running.
......@@ -14,7 +14,7 @@ export const COMMON_JS_SETUP_WITH_NPM = `const { glClientSDK } = require('@gitla
this.glClient = glClientSDK({ '$applicationId', '$host' });`;
export const HTML_SCRIPT_SETUP = `<script src="https://unpkg.com/@gitlab/application-sdk-js/gl-sdk.min.js"></script>
export const HTML_SCRIPT_SETUP = `<script src="https://unpkg.com/@gitlab/application-sdk-js/dist/gl-sdk.min.js"></script>
<script>window.glClient = window.glSDK.glClientSDK({
applicationId: '$applicationId',
host: '$host',
......
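Review bot: The setup snippet in `HTML_SCRIPT_SETUP` still tells customers to load `gl-sdk.min.js` from unpkg with no version pin and no Subresource Integrity, so whoever controls the package's latest publish (or the CDN) can run arbitrary script on every customer page that follows these instructions; the path correction does not change that. Pin the package to a specific version and emit `integrity`/`crossorigin` attributes, e.g. `<script src="https://unpkg.com/@gitlab/application-sdk-js@<version>/dist/gl-sdk.min.js" integrity="<sha384 of that file>" crossorigin="anonymous"></script>`, updating the hash whenever the pinned version changes. The template literal assigned to `HTML_SCRIPT_SETUP` continues past the end of the hunk.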
# frozen_string_literal: true
module Arkose
module ContentSecurityPolicy
extend ActiveSupport::Concern
included do
content_security_policy do |policy|
next unless policy.directives.present?
allow_for_login = Feature.enabled?(:arkose_labs_login_challenge)
allow_for_signup = Feature.enabled?(:arkose_labs_signup_challenge)
allow_for_identity_verification = Feature.enabled?(:arkose_labs_oauth_signup_challenge)
next unless allow_for_login || allow_for_signup || allow_for_identity_verification
default_script_src = policy.directives['script-src'] || policy.directives['default-src']
script_src_values = Array.wrap(default_script_src) | ["https://*.arkoselabs.com"]
policy.script_src(*script_src_values)
default_frame_src = policy.directives['frame-src'] || policy.directives['default-src']
frame_src_values = Array.wrap(default_frame_src) | ['https://*.arkoselabs.com']
policy.frame_src(*frame_src_values)
end
end
end
end
# frozen_string_literal: true
module ArkoseLabsCSP
extend ActiveSupport::Concern
included do
content_security_policy do |policy|
next unless policy.directives.present?
allow_for_login = Feature.enabled?(:arkose_labs_login_challenge)
allow_for_signup = Feature.enabled?(:arkose_labs_signup_challenge)
allow_for_identity_verification = Feature.enabled?(:arkose_labs_oauth_signup_challenge)
next unless allow_for_login || allow_for_signup || allow_for_identity_verification
default_script_src = policy.directives['script-src'] || policy.directives['default-src']
script_src_values = Array.wrap(default_script_src) | ["https://*.arkoselabs.com"]
policy.script_src(*script_src_values)
default_frame_src = policy.directives['frame-src'] || policy.directives['default-src']
frame_src_values = Array.wrap(default_frame_src) | ['https://*.arkoselabs.com']
policy.frame_src(*frame_src_values)
end
end
end
......@@ -7,7 +7,7 @@ module RegistrationsController
include ::Gitlab::Utils::StrongMemoize
prepended do
include ArkoseLabsCSP
include Arkose::ContentSecurityPolicy
skip_before_action :check_captcha, if: -> { ::Feature.enabled?(:arkose_labs_signup_challenge) }
before_action only: [:new, :create] do
......
......@@ -6,7 +6,7 @@ module SessionsController
extend ::Gitlab::Utils::Override
prepended do
include ArkoseLabsCSP
include Arkose::ContentSecurityPolicy
before_action :gitlab_geo_logout, only: [:destroy]
before_action only: [:new] do
......
......@@ -4,7 +4,7 @@ module Users
class IdentityVerificationController < ApplicationController
include AcceptsPendingInvitations
include ActionView::Helpers::DateHelper
include ArkoseLabsCSP
include Arkose::ContentSecurityPolicy
skip_before_action :authenticate_user!
before_action :require_unverified_user!
......
- page_title _('Your GitLab group')
.row.flex-grow-1.bg-gray-light
.d-flex.flex-column.align-items-center.w-100.gl-p-5
.row.gl-flex-grow-1.bg-gray-light
.gl-display-flex.gl-flex-direction-column.gl-align-items-center.gl-w-full.gl-p-5
= render 'shared/thanks_for_purchase_alert', plan_title: plan_title, quantity: params[:quantity].to_i
.edit-group.d-flex.flex-column.align-items-center.gl-pt-7
.edit-group.gl-display-flex.gl-flex-direction-column.gl-align-items-center.gl-pt-7
- if params[:new_user]
#progress-bar
%h2.center= _('Create your group')
......@@ -11,41 +11,43 @@
%div= _('A group represents your organization in GitLab. Groups allow you to manage users and collaborate across multiple projects.')
%div= _('Your %{plan} plan will be applied to your group.' % { plan: plan_title })
= gitlab_ui_form_for [:subscriptions, @group], html: { class: 'gl-show-field-errors card w-100 gl-p-5' } do |f|
= hidden_field_tag :new_user, params[:new_user]
= form_errors(@group)
.row
.form-group.group-name-holder.col-sm-12
= f.label :name, class: 'label-bold' do
= _('Group name (your organization)')
= f.text_field :name, class: 'form-control',
required: true,
title: _('Please fill in a descriptive name for your group.'),
autofocus: true
.form-text.text-muted= _('You can always edit this later')
.row
.form-group.col-sm-12
= f.label :path, class: 'label-bold' do
= _('Group URL')
.input-group.gl-field-error-anchor
.group-root-path.input-group-prepend.has-tooltip{ title: group_path, :'data-placement' => 'bottom' }
.input-group-text
%span= root_url
= f.text_field :path, class: 'form-control js-validate-group-path',
autofocus: local_assigns[:autofocus] || false, required: true,
pattern: Gitlab::PathRegex::NAMESPACE_FORMAT_REGEX_JS,
title: group_url_error_message,
maxlength: ::Namespace::URL_MAX_LENGTH
%p.validation-error.gl-field-error.field-validation.hide
= _("Group path is already taken. We've suggested one that is available.")
%p.validation-success.gl-field-success.field-validation.hide= _('Group path is available.')
%p.validation-pending.gl-field-error-ignore.field-validation.hide= _('Checking group path availability...')
.row
.form-group.col-sm-12
= f.label :visibility_level, class: 'label-bold' do
= _('Visibility level')
= render 'shared/visibility_level', f: f, visibility_level: default_group_visibility, can_change_visibility_level: true, form_model: @group, with_label: false
.row
.form-group.col-sm-12.mb-0
= render Pajamas::ButtonComponent.new(type: :submit, variant: :confirm, block: true, button_options: { class: 'gl-mb-0' }) do
= _('Get started')
= render Pajamas::CardComponent.new do |c|
- c.body do
= gitlab_ui_form_for [:subscriptions, @group], html: { class: 'gl-show-field-errors gl-w-full gl-p-5' } do |f|
= hidden_field_tag :new_user, params[:new_user]
= form_errors(@group)
.row
.form-group.group-name-holder.col-sm-12
= f.label :name, class: 'label-bold' do
= _('Group name (your organization)')
= f.text_field :name, class: 'form-control',
required: true,
title: _('Please fill in a descriptive name for your group.'),
autofocus: true
.form-text.text-muted= _('You can always edit this later')
.row
.form-group.col-sm-12
= f.label :path, class: 'label-bold' do
= _('Group URL')
.input-group.gl-field-error-anchor
.group-root-path.input-group-prepend.has-tooltip{ title: group_path, :'data-placement' => 'bottom' }
.input-group-text
%span= root_url
= f.text_field :path, class: 'form-control js-validate-group-path',
autofocus: local_assigns[:autofocus] || false, required: true,
pattern: Gitlab::PathRegex::NAMESPACE_FORMAT_REGEX_JS,
title: group_url_error_message,
maxlength: ::Namespace::URL_MAX_LENGTH
%p.validation-error.gl-field-error.field-validation.hide
= _("Group path is already taken. We've suggested one that is available.")
%p.validation-success.gl-field-success.field-validation.hide= _('Group path is available.')
%p.validation-pending.gl-field-error-ignore.field-validation.hide= _('Checking group path availability...')
.row
.form-group.col-sm-12
= f.label :visibility_level, class: 'label-bold' do
= _('Visibility level')
= render 'shared/visibility_level', f: f, visibility_level: default_group_visibility, can_change_visibility_level: true, form_model: @group, with_label: false
.row
.form-group.col-sm-12.mb-0
= render Pajamas::ButtonComponent.new(type: :submit, variant: :confirm, block: true, button_options: { class: 'gl-mb-0' }) do
= _('Get started')
import MockAdapter from 'axios-mock-adapter';
import { TEST_HOST } from 'helpers/test_constants';
import axios from '~/lib/utils/axios_utils';
import { HTTP_STATUS_INTERNAL_SERVER_ERROR } from '~/lib/utils/http_status';
import { HTTP_STATUS_INTERNAL_SERVER_ERROR, HTTP_STATUS_OK } from '~/lib/utils/http_status';
import testActionFn from './vuex_action_helper';
const testActionFnWithOptionsArg = (...args) => {
......@@ -102,7 +102,7 @@ describe.each([testActionFn, testActionFnWithOptionsArg])(
};
it('returns original data of successful promise while checking actions/mutations', async () => {
mock.onGet(TEST_HOST).replyOnce(200, 42);
mock.onGet(TEST_HOST).replyOnce(HTTP_STATUS_OK, 42);
assertion = { mutations: [{ type: 'SUCCESS' }], actions: [{ type: 'ACTION' }] };
......@@ -138,7 +138,7 @@ describe.each([testActionFn, testActionFnWithOptionsArg])(
});
};
mock.onGet(TEST_HOST).replyOnce(200, 42);
mock.onGet(TEST_HOST).replyOnce(HTTP_STATUS_OK, 42);
assertion = { mutations: [{ type: 'SUCCESS' }], actions: [{ type: 'ACTION' }] };
......